Published 16 days ago • loading... • Updated 15 days ago

Workday Confirms CRM Breach via Social Engineering

Workday, a human resources software firm, confirmed a data breach on August 6 after attackers accessed a third-party CRM platform from its Pleasanton, CA offices.
The breach occurred through a social engineering campaign where attackers posed as HR or IT staff to trick employees, linked to the ShinyHunters extortion group.
The attackers accessed mostly routine professional contact details, including individual identities, electronic mail contacts, and telephone numbers, which could be exploited for future phishing or voice-based social engineering attacks.
Workday responded promptly by restricting access and implementing additional security measures, emphasizing that there is no evidence indicating any compromise of customer data within their platform or impact on customer accounts.
The breach highlights ongoing sophisticated cyberattacks targeting Salesforce-hosted CRM systems, suggesting continued vigilance and preparedness are critical for organizations.

Insights by Ground AI

Does this summary seem wrong?

Podcasts & Opinions

Podcast Mention

Cyber Security Today

One of the top podcasts on Cyber Security. It features three news shows a week that look at some of the top stories in Cyber Security. It also has a week in review show with an expert panel who go in depth into the news of the week and what it means for cyber security professionals and the businesses they serve.

Cybersecurity Breaches: Salesforce, Workday, and Critical Infrastructure Hacked

Cyber Security Today discuss Workday's data breach through a third-party CRM and social engineering tactics.

14 days ago

Listen to Full Episode Full Episode Unlock Timestamp

Get Vantage — Podcasts, Ratings, Timestamps

Podcasts & Opinions

15 Articles

The Register

Center

Workday confirms CRM breach via social engineering

: HR SaaS giant insists core systems untouched

15 days ago

Read Full Article

Tech Radar

Center

Hackers breach HR firm Workday - is it the latest Salesforce CRM attack victim?

Third-party CRM was used to target ‘many large organizations’

15 days ago·United Kingdom

Read Full Article

Silicon Republic

Reposted by

BizToc

Center

Workday hit by data breach targeting CRM systems

The US company was affected by a social engineering campaign that bears similarities to a recent wave of attacks by extortion group ShinyHunters.

15 days ago

Read Full Article

TechCrunch

+2 Reposted by 2 other sources

Center

HR giant Workday says hackers stole personal data in recent breach

The HR tech giant said it had no indication of any unauthorized access to customer systems, but has not ruled out a breach affecting customers' personal information.

15 days ago·United States

Read Full Article

BleepingComputer

Reposted by

unsafe.sh

Center

HR giant Workday discloses data breach after Salesforce attack

Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack.

16 days ago

Read Full Article

cybernoz.com

Workday Hit In Wave Of Social Engineering Attacks - Cybernoz - Cybersecurity News

Human resources (HR) platform provider Workday has become the latest large organisation to fall victim to a cyber attack originating through a third-party supplier, as the impact of a wave of cyber attacks – likely orchestrated through Salesforce products and linked to the ShinyHunters cyber crime collective – continues to reverberate. In a notice published just prior to the weekend of 16–17 August, the firm said it had fallen victim to a social…

15 days ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year