Workday confirmed a data breach where threat actors accessed sensitive information from a third-party customer relationship management platform. The exposed information primarily included contact details like names, email addresses, and phone numbers. Workday emphasized that no customer tenant data was accessed and swiftly cut off the attackers' access, implementing additional safeguards. Customers are warned about potential social engineering campaigns that might arise due to the breach. Workday reassured clients that they will never contact them via phone for secure details, urging caution in official communications.
We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform.
There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.
It's important to remember that Workday will never contact anyone by phone to request a password or any other secure details.
This information is then used in subsequent social engineering attempts, or combined with other data already collected to make future social engineering attempts even more personalized.
Collection
[
|
...
]