Human resources technology company Workday has confirmed that a data breach has affected its third-party CRM platform. In a announcing the breach, the company said that a social engineering campaign had targeted its employees, with threat actors posing as IT or HR in order to trick employees into sharing account access or personal information.
The company says that while the threat actors were able to access some information from the CRM, there is no indication of any access to customer accounts or the data within them. “We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future,” the post reads. Workday says that the information gathered from the CRM consists of “commonly available” business contact information such as names, email addresses and phone numbers. From the sound of its blog post, the information of Workday end users was not revealed, only information from the companies it has contracts with.
What is known with some certainty at this point is that Workday’s CRM was breached. The company’s statement that “no indication” of a deeper customer data breach was found is — often, the full scope of hacks like this aren’t known until later.
Earlier this year, Workday around 1,750 employees, or around 8.5 percent of its workforce. The company said it was “prioritizing innovation investments like AI and platform development, and rigorously evaluating the ROI of others across the board.”
The precise third-party CRM Workday is referring to was not disclosed. Earlier this year to a hack via the Salesforce app, and last year it would stop using Slack, the Salesforce-owned messaging platform, after a hack exposed company data.
