Workday experienced a cybersecurity incident involving a social engineering campaign that targeted employees across North America, EMEA and APJ. More than 19,300 individuals work at Workplace and the organization serves over 11,000 client companies, including nearly two-thirds of the Fortune 500. Threat actors contacted employees by text or phone pretending to be HR or IT to obtain account access or personal information. Malicious actors accessed data from Workday's third-party CRM platform, but there is no evidence that customer tenants or their data were accessed. Security leaders warned about increasing social engineering, urged employee vigilance, and emphasized vendor ecosystem risks and stronger defenses.
More than 19,300 individuals are employed at Workplace across North America, EMEA and APJ. The client list contains more than 11,000 companies across a range of sectors, including almost two-thirds of the Fortune 500 companies. According to the organization's on the incident, Workday was targeted by a social engineering campaign. The post stated, "In this campaign, threat actors contact employees by text or phone pretending to be from human resources or IT. Their goal is to trick employees into giving up account access or their personal information."
This also demonstrates that the attackers are out of other options and are resorting to more difficult and time-consuming methods to attack these organizations. Every piece of information they gain in these attacks can be used to conduct further campaigns and get closer to their goals. Organizations should put their employees on alert for any suspicious phone calls and texts, reminding them that HR and IT will never directly contact them for that information.
Collection
[
|
...
]