Workday has faced a cyber attack linked to a campaign by the ShinyHunters group, affecting various large companies. The attack was identified as a social engineering campaign targeting multiple organisations. While specific details about the involved threat actor or supplier were not disclosed, it was confirmed that the attackers accessed certain information through a third-party CRM platform. Most of the information obtained included business contact details, which could potentially facilitate further scams. Workday assured there was no access to customer tenant data, emphasizing communication safety protocols.
We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM [customer relationship management] platform.
The type of information the actor obtained was primarily commonly available business contact information, like names, email addresses, and phone numbers, potentially to further their social engineering scams.
There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.
All official communications from Workday come through our trusted support channels.
Collection
[
|
...
]