HR and finance giant Workday has disclosed a data breach that may be the result of an attack launched as part of a widespread campaign.
Workday said threat actors gained access to a third-party customer relationship management (CRM) system and obtained “commonly available business contact information” such as names, phone numbers, and email addresses.
The company, which has over 20,000 employees, said the attack was part of a social engineering campaign that hit many large organizations recently.
In this campaign, attackers call or text employees at the targeted organization, claiming to represent IT or HR in an effort to trick them into handing over personal information or account access.
“There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future,” Workday said.
The HR firm believes the information obtained by the attackers may be useful for other social engineering attempts.
Based on its brief description of the incident, the company may have joined a long list of major organizations whose Salesforce instances were targeted recently by the notorious cybercrime groups Scattered Spider and/or ShinyHunters, which may have merged recently.
The list of companies apparently targeted in this campaign includes Adidas, Allianz Life, Cisco, Dior, Louis Vuitton, Google, and Air France and KLM.
The attackers are relying on social engineering to gain access to targeted Salesforce instances and the attacks do not seem to involve exploitation of a vulnerability or access to Salesforce systems.
Related: Manpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000
Related: Connex Credit Union Data Breach Impacts 172,000 People
Related: Columbia University Data Breach Impacts 860,000
Related: French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers
