Workday Confirms Data Breach: Hackers Steal Personal Information from Third-Party CRM Database
Leading human resources technology provider Workday has acknowledged a data breach, revealing unspecified personal information was stolen from one of its third-party customer relationship databases. The company’s blog post, published over the weekend, confirmed that the database primarily contained contact details such as names, email addresses, and phone numbers.
While Workday clarified there was no indication of access to customer tenants or data within them, they did not deny the possibility of customer information being compromised. The stolen data could potentially be used for social engineering scams aimed at tricking victims into providing sensitive data.
With over 11,000 corporate clients worldwide and serving around 70 million users, Workday’s clientele includes a diverse range of industries. According to reports by Bleeping Computer, the breach was discovered on August 6th.
The specific third-party customer database platform involved in the data breach remains undisclosed, although it follows a trend of cyberattacks targeting Salesforce-hosted databases used by large companies for storing customer data. In recent weeks, Google, Cisco, Qantas, and Pandora have also experienced data theft from their Salesforce databases.
Google attributed these breaches to the ShinyHunters group, notorious for voice phishing tactics that trick company employees into granting hackers access to their cloud-based databases. Google speculates that ShinyHunters is planning a data leak site to extort victims into paying ransoms to have their data deleted, mirroring the methods of ransomware gangs.
Workday declined further comment beyond its blog post and did not respond to queries regarding details such as the number of individuals affected by the data breach or the identities of those involved (either Workday employees or customers). The company also refrained from disclosing whether they possess logs to determine which customer data was exfiltrated.
Upon publication, Workday’s blog post disclosed the breach with a “noindex” tag in its source code, instructing search engines to ignore the page, making it challenging for web users to locate the information. The reasoning behind Workday concealing their data breach notification from search engines is unclear.
