Based on the wording, it's my belief that CircleCI was referring to Segment, but I have 0 inside information to confirm this.
Even if it was though, Circle discovered this issue on their own through an automated notification of an action taken; they do not seem to have been notified directly by Segment. It doesn't seem fair to assume that _if_ Circle is referring to Segment, that either company did anything wrong in their response here.
It's possible that CircleCI was one of the 13 breached workspaces:
> For a small subset of customers (13), the unauthorized party was able to gain read-only access to their workspaces and click around in their accounts for up to a few minutes. These customers have been notified.
Even if it was though, Circle discovered this issue on their own through an automated notification of an action taken; they do not seem to have been notified directly by Segment. It doesn't seem fair to assume that _if_ Circle is referring to Segment, that either company did anything wrong in their response here.