Workday has confirmed a breach in one of its third-party CRM platforms, where attackers accessed some unspecified information. The attackers engaged in social engineering by impersonating HR or IT staff during the incident. Workday emphasized that there is no evidence of customer data being compromised within its core SaaS applications. The information obtained appears to be limited to business contact details, raising concerns about potential future scams. The company has responded swiftly to prevent further unauthorized access and has implemented additional security safeguards.
Workday disclosed that attackers gained access to one of its third-party CRM platforms, accessing 'some information' without touching core systems or customer tenants.
The attackers primarily acquired commonly available business contact information, which could facilitate future phishing or vishing scams.
Collection
[
|
...
]