OpenAI says two employees’ devices were breached in the recent TanStack supply-chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution.
In a security advisory published today, the company said the incident did not impact customer data, production systems, intellectual property, or deployed software.
The company says the breach is linked to the recent “Mini Shai-Hulud” supply-chain campaign by the TeamPCP extortion gang, which targeted developers by slipping malicious updates into trusted and popular software packages.
