Workday, a leading provider of enterprise cloud applications for finance and human resources, has confirmed it was the target of a sophisticated social engineering campaign that resulted in a data breach via a third-party Customer Relationship Management (CRM) platform.
The company emphasized that the incident did not compromise customer data or tenants.
In a recent disclosure, Workday explained that threat actors are targeting numerous large organizations through elaborate social engineering schemes.
These attacks involve contacting employees via text messages or phone calls while impersonating personnel from human resources or IT departments.
The primary objective of the attackers is to deceive employees into surrendering their account credentials or other sensitive personal information.
Workday’s security team identified that the company had been targeted in this campaign, leading to unauthorized access to some information within its third-party CRM system.
According to the company’s statement, the compromised data was primarily “commonly available business contact information, like names, email addresses, and phone numbers.” It is believed that the threat actors obtained this information to fuel further social engineering scams.
The company confirms that its core systems and customer environments remain secure. “There is no indication of access to customer tenants or the data within them,” Workday announced, reassuring its extensive client base that its proprietary data was not affected.
Upon detecting the breach, Workday’s cybersecurity team acted swiftly to terminate the unauthorized access and has since implemented additional security measures to prevent similar incidents. The company is using this event to reinforce security awareness among its employees and the public.
As a reminder to its users and the general public, Workday reiterated its communication policies, stating, “Workday will never contact anyone by phone to request a password or any other secure details. All official communications from Workday come through our trusted support channels.”
This incident highlights a growing trend where cybercriminals exploit the human element, often the weakest link in the security chain, to infiltrate corporate networks.
By targeting third-party vendors and using deceptive social engineering tactics, attackers can bypass traditional security defenses.
Organizations are urged to enhance employee training and awareness programs to recognize better and report such malicious attempts. For more details on Workday’s security protocols, the company directs customers to its official Security and Trust webpage.
Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.
Source link
