Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Workday Data Breach Bears Signs of Widespread Salesforce Hack

Workday appears to have joined the list of major companies that had their Salesforce instances targeted by hackers. 

Workday data breach

HR and finance giant Workday has disclosed a data breach that may be the result of an attack launched as part of a widespread campaign.

Workday said threat actors gained access to a third-party customer relationship management (CRM) system and obtained “commonly available business contact information” such as names, phone numbers, and email addresses.

The company, which has over 20,000 employees, said the attack was part of a social engineering campaign that hit many large organizations recently. 

In this campaign, attackers call or text employees at the targeted organization, claiming to represent IT or HR in an effort to trick them into handing over personal information or account access.  

“There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future,” Workday said.

The HR firm believes the information obtained by the attackers may be useful for other social engineering attempts. 

Advertisement. Scroll to continue reading.

Based on its brief description of the incident, the company may have joined a long list of major organizations whose Salesforce instances were targeted recently by the notorious cybercrime groups Scattered Spider and/or ShinyHunters, which may have merged recently.

The list of companies apparently targeted in this campaign includes Adidas, Allianz Life, Cisco, Dior, Louis Vuitton, Google, and Air France and KLM.

The attackers are relying on social engineering to gain access to targeted Salesforce instances and the attacks do not seem to involve exploitation of a vulnerability or access to Salesforce systems. 

Related: Manpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000

Related: Connex Credit Union Data Breach Impacts 172,000 People

Related: Columbia University Data Breach Impacts 860,000

Related: French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.