Workday has confirmed a data breach after threat actors gained access to a third-party customer relationship management (CRM) platform.
In a blog post on Friday, the HR tech giant said hackers gained access to sensitive information hosted on the affected CRM system, but insisted no customer tenants – or the data contained within – were accessed.
Information exposed in the breach primarily included contact details such as names, email addresses, and phone numbers, the company revealed.
“We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform,” the company stated in its advisory.
“There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.”
Given the nature of the information exposed in the breach, Workday warned customers to be wary of potential social engineering campaigns in the wake of the incident.
“It’s important to remember that Workday will never contact anyone by phone to request a password or any other secure details,” the firm said. “All official communications from Workday come through our trusted support channels.”
Kevin Marriott, senior manager of cyber and head of SecOps at Immersive, said this is a typical tactic observed in the aftermath of a data breach.
“This information is then used in subsequent social engineering attempts, or combined with other data already collected to make future social engineering attempts even more personalized, using the data captured," he said.
Workday data breach the latest CRM-based incident
While Workday didn’t specifically identify the CRM system affected in the breach, the news comes in the wake of a string of Salesforce-based attacks on enterprises globally.
Threat intelligence research shows that the ShinyHunters threats group has conducted a wide-reaching campaign targeting Salesforce users in recent months.
Companies impacted in the campaign are believed to include Qantas, Allianz Life, Adidas, and several other retail brands worldwide.
Similarly, Google recently confirmed it had been attacked as part of the campaign. The discovery came after threat researchers at the tech giant investigating the ShinyHunters group realized it too had fallen victim.
The social engineering campaign involves duping employees into linking a malicious OAuth app to the target company’s Salesforce instances.
Once access to an impacted database has been achieved, threat actors are then able to access, query, and exfiltrate sensitive information from customer environments, according to Google’s blog post detailing the campaign.
Marriott noted that CRM tools are a popular target for threat actors, largely due to the volume of useful information hosted on these platforms.
“CRM tooling is often a key target for threat actors as they typically store limited, but valuable information that threat actors can either use themselves or sell on, with databases full of information that is useful such as email addresses and other personal information,” he said.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Banking details of 30 million Santander customers exposed during breach
- Nearly one-third of ransomware victims are hit multiple times
- US extradites French ShinyHunters hacker, faces 123 years in prison
-
AI isn't taking anyone's jobs, finds Yale study – at least not yetReviews Researchers say it's too soon to know what generative AI's impact will be on the workforce
-
A new 'top-tier' Chinese espionage group is stealing sensitive datanews Phantom Taurus has been operating for two years and uses custom-built malware to maintain long-term access to critical targets
-
A malicious MCP server is silently stealing user emailsNews Koi Security says it's discovered the first malicious MCP server in the wild, exposing a risk to the entire ecosystem
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber skills shortages are pushing firms into dangerous shortcuts – and it’s putting them at huge risk of security breachesNews Chronic cyber skills shortages mean many businesses are implementing quick fixes
-
Pentesters are now a CISOs best friend as critical vulnerabilities skyrocketNews Attack surfaces are expanding rapidly, but pentesters are here to save the day
-
Hackers are disguising malware as ChatGPT, Microsoft Office, and Google Drive to dupe workersNews Beware of downloading applications like ChatGPT, Microsoft Office applications, and Google Drive through search engines
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
A terrifying Microsoft flaw could’ve allowed hackers to compromise ‘every Entra ID tenant in the world’News The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
