Workday has confirmed a data breach after threat actors gained access to a third-party customer relationship management (CRM) platform.
In a blog post on Friday, the HR tech giant said hackers gained access to sensitive information hosted on the affected CRM system, but insisted no customer tenants – or the data contained within – were accessed.
Information exposed in the breach primarily included contact details such as names, email addresses, and phone numbers, the company revealed.
“We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform,” the company stated in its advisory.
“There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.”
Given the nature of the information exposed in the breach, Workday warned customers to be wary of potential social engineering campaigns in the wake of the incident.
“It’s important to remember that Workday will never contact anyone by phone to request a password or any other secure details,” the firm said. “All official communications from Workday come through our trusted support channels.”
Kevin Marriott, senior manager of cyber and head of SecOps at Immersive, said this is a typical tactic observed in the aftermath of a data breach.
“This information is then used in subsequent social engineering attempts, or combined with other data already collected to make future social engineering attempts even more personalized, using the data captured," he said.
Workday data breach the latest CRM-based incident
While Workday didn’t specifically identify the CRM system affected in the breach, the news comes in the wake of a string of Salesforce-based attacks on enterprises globally.
Threat intelligence research shows that the ShinyHunters threats group has conducted a wide-reaching campaign targeting Salesforce users in recent months.
Companies impacted in the campaign are believed to include Qantas, Allianz Life, Adidas, and several other retail brands worldwide.
Similarly, Google recently confirmed it had been attacked as part of the campaign. The discovery came after threat researchers at the tech giant investigating the ShinyHunters group realized it too had fallen victim.
The social engineering campaign involves duping employees into linking a malicious OAuth app to the target company’s Salesforce instances.
Once access to an impacted database has been achieved, threat actors are then able to access, query, and exfiltrate sensitive information from customer environments, according to Google’s blog post detailing the campaign.
Marriott noted that CRM tools are a popular target for threat actors, largely due to the volume of useful information hosted on these platforms.
“CRM tooling is often a key target for threat actors as they typically store limited, but valuable information that threat actors can either use themselves or sell on, with databases full of information that is useful such as email addresses and other personal information,” he said.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Banking details of 30 million Santander customers exposed during breach
- Nearly one-third of ransomware victims are hit multiple times
- US extradites French ShinyHunters hacker, faces 123 years in prison
-
Malicious URLs overtake email attachments as the biggest malware threatNews With malware threats surging, research from Proofpoint highlights the increasing use of off-the-shelf 'phish kits' like CoGUI and Darcula
-
This powerful new mini PC is great for SMBs on a budgetNews The Lecoo Mini Pro is a compact, powerful bit of kit for home office workers
-
Malicious URLs overtake email attachments as the biggest malware threat
News With malware threats surging, research from Proofpoint highlights the increasing use of off-the-shelf 'phish kits' like CoGUI and Darcula
-
Using DeepSeek at work is like ‘printing out and handing over your confidential information’News Thinking of using DeepSeek at work? Think again. Cybersecurity experts have warned you're putting your enterprise at huge risk.
-
Warning issued as new Pakistan-based malware group hits millions globallyNews Tempting people in with offers of pirated software, the network installs commodity infostealers, according to CloudSEK
-
LevelBlue and Akamai are teaming up to launch a managed web application and API protection serviceNews The new Managed WAAP offering aims to help organizations secure their rapidly expanding web app and API ecosystems
-
Everything we know so far about the Canadian House of Commons data breachNews Speculation is mounting over the source of the breach
-
Identity security is more important than ever – here’s whyNews 78% of enterprises told Okta that controlling access and permissions for non-human identities is now their main identity security concern.
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
