Workday Reports Intrusion Via CRM Platform

Workday has reported a data breach linked to a third-party CRM platform.

The business software giant said in a blog post that it recently identified that it had been targeted, and threat actors were able to access some information from its third-party CRM platform.

“There is no indication of access to customer tenants or the data within them,” it said. “We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.”

Information obtained was primarily commonly available business contact information such as names, email addresses and phone numbers.

William Wright, CEO of Closed Door Security, said that this notification suggests that Workday may be joining a growing list of Salesforce CRM breaches, where the attackers used social engineering to trick employees into granting them access to the platform, after which data was exfiltrated.

Good News

Chris Linnell, associate director of Data Privacy at Bridewell, pointed out the good news: Workday has confirmed the breach did not affect its core platform or customer tenants. “This is a significant relief, especially given that Workday is widely used for HR and payroll processing, often involving sensitive and special category data. The confidentiality of employee data, such as health information, diversity metrics, and financial detail, remains intact.”

Richard Orange, VP EMEA at Abnormal AI, said: “The exposure of business contact information will provide attackers with the raw materials to launch convincing follow-on phishing, vishing, or business email compromise campaigns. Attackers leverage the data and combine it with bad AI to create hyper realistic attacks that are hard to detect by the human eye.

“Stopping social engineering isn’t just a technical issue, it’s a cultural one. That’s why employee awareness is critical. Organisations need to ensure their people are trained to recognise and report suspicious requests, particularly those that pressure them to approve third-party applications or share credentials.”


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
