Workday, one of the world’s largest human resources software providers, has disclosed a data breach following a social engineering attack that targeted a third-party customer relationship management (CRM) system.
According to Workday, attackers were able to access information stored on the compromised CRM platform, but customer tenants and their internal data remain unaffected.
“We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data within them,” the company stated.
The stolen information primarily includes business contact details, such as names, email addresses, and phone numbers, which could potentially be abused in follow-up phishing or social engineering scams.
The breach was first discovered on August 6, nearly two weeks before Workday publicly acknowledged the incident. Attackers reportedly contacted employees via text messages and phone calls, impersonating HR or IT staff to trick them into revealing account access or personal details.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
