Jessica O'ConnorHR and payroll software provider Workday has confirmed it was targeted in a recent cyber attack campaign but stressed there is no indication that customer systems or data were accessed.
The company said the incident formed part of a wider social engineering campaign affecting “many large organisations,” in which attackers posed as HR or IT staff in an attempt to trick employees into sharing login details or personal information.
In a statement, Workday said: “At Workday, trust and transparency guide everything we do.
“We want to let you know about a recent social engineering campaign targeting many large organizations, including Workday.”
The company explained that attackers were able to access limited information held in a third-party CRM platform, but acted quickly to cut off the breach.
It added: “There is no indication of access to customer tenants or the data within them.
“We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.”
Workday said the information obtained was “primarily commonly available business contact information, like names, email addresses, and phone numbers,” which could potentially be used to fuel further scams.
The company reminded users that it does not request sensitive information by phone.
The statement from the firm concluded: “It’s important to remember that Workday will never contact anyone by phone to request a password or any other secure details.
“All official communications from Workday come through our trusted support channels.”
