HR Giant Workday Discloses Data Breach After Hackers Compromise Third-Party CRM
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Workday, a leading provider of enterprise cloud applications for finance and human resources, has confirmed it was the target of a sophisticated social engineering<\/a> campaign that resulted in a data breach via a third-party Customer Relationship Management (CRM) platform.<\/p>\n The company emphasized that the incident did not compromise customer data or tenants.<\/p>\n In a recent disclosure, Workday explained that threat actors are targeting numerous large organizations through elaborate social engineering schemes. <\/p>\n These attacks involve contacting employees via text messages or phone calls while impersonating personnel from human resources or IT departments.<\/p>\n The primary objective of the attackers is to deceive employees into surrendering their account credentials or other sensitive personal information.<\/p>\n Workday\u2019s security team identified that the company had been targeted in this campaign, leading to unauthorized access to some information within its third-party CRM system. <\/p>\n According to the company\u2019s statement<\/a>, the compromised data was primarily \u201ccommonly available business contact information, like names, email addresses, and phone numbers.\u201d It is believed that the threat actors obtained this information to fuel further social engineering scams.<\/p>\n The company confirms that its core systems and customer environments remain secure. \u201cThere is no indication of access to customer tenants or the data within them,\u201d Workday announced, reassuring its extensive client base that its proprietary data was not affected.<\/p>\n Upon detecting the breach, Workday\u2019s cybersecurity team acted swiftly to terminate the unauthorized access and has since implemented additional security measures to prevent similar incidents<\/a>. The company is using this event to reinforce security awareness among its employees and the public.<\/p>\n As a reminder to its users and the general public, Workday reiterated its communication policies, stating, \u201cWorkday will never contact anyone by phone to request a password or any other secure details. All official communications from Workday come through our trusted support channels.\u201d<\/p>\n This incident highlights a growing trend where cybercriminals exploit the human element, often the weakest link in the security chain, to infiltrate corporate networks.<\/p>\n By targeting third-party vendors and using deceptive social engineering tactics, attackers can bypass traditional security defenses.<\/p>\n Organizations are urged to enhance employee training and awareness programs to recognize better and report such malicious attempts. For more details on Workday\u2019s security protocols, the company directs customers to its official Security and Trust webpage.<\/p>\n The post HR Giant Workday Discloses Data Breach After Hackers Compromise Third-Party CRM<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nBoost\u00a0your\u00a0SOC and help your team protect your business with free top-notch threat intelligence:\u00a0Request TI Lookup Premium Trial<\/a>.<\/code><\/strong><\/p>\n