Workday: Data leak at HR software provider
Criminals have gained access to the cloud service Workday, which organizes HR and finance for companies, in an IT incident.
Workday headquarters in Pleasanton, California.
(Image: Workday)
The cloud company Workday, which specializes in human resources (HR) and financial planning services, has been the victim of an IT incident. According to the company, cybercriminals were able to gain access to Workday's CRM system. According to the company, data from around 11,000 customers from more than 175 countries worldwide was potentially leaked.
Workday has now announced this on its website. A social engineering campaign has affected many larger organizations, including Workday, the company explains. Malicious actors have contacted employees by text message or phone, pretending to be from HR or IT. They aim to get employees to disclose their login details or personal information.
Workday had discovered that unknown persons had gained access to the third-party CRM platform used. The company emphasized that there was no evidence that customer tenants or data had been accessed. Workday reacted quickly to close the access and took further protective measures to guard against similar incidents in the future.
Videos by heise
Information leaked
The data that the attackers were able to access was primarily publicly available business contact information such as names, email addresses, and phone numbers. This allows them to expand their fraud attempts.
Therefore, it is important to know that Workday never contacts anyone over the phone to request a password or other security details. All communication comes through the trusted communication channels, Workday adds.
Last Friday, an IT incident at Infoniqa also came to light. The company is also active in the field of human resources and payroll “as a service.” The extent of the incident and potential data leak is currently unknown.
(dmk)
