Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack.
Headquartered in Pleasanton, California, Workday has over 19,300 employees in offices across North America, EMEA, and APJ. Workday's customer list comprises over 11,000 organizations across a diverse range of industries, including more than 60% of the Fortune 500 companies.
As the company revealed in a Friday blog, the attackers gained access to some of the information stored on the compromised CRM systems, adding that no customer tenants were impacted.
"We want to let you know about a recent social engineering campaign targeting many large organizations, including Workday," the HR giant said.
"We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data within them."
However, some business contact information was exposed in the incident, including customer data that could be used in subsequent attacks.
"The type of information the actor obtained was primarily commonly available business contact information, like names, email addresses, and phone numbers, potentially to further their social engineering scams," it added.
In a separate notification sent to potentially affected customers and seen by BleepingComputer, the company added that the breach was discovered almost two weeks ago, on August 6.
Workday added that the attackers contact employees via text or phone, pretending to be from Human Resources or IT, in an attempt to trick them into revealing account access or personal information.
Breached in Salesforce data-theft attacks
... continue reading