Workday Data Breach: Hackers Stole Personal Data

Workday Confirms Data Breach Affecting Customer Information

Workday, a leading provider of human resources technology, has recently acknowledged a security incident resulting in a data breach. This breach compromised personal information stored within a third-party customer relationship database.

Details of the Security Incident

The company revealed in a blog post published on Friday that an undefined quantity of personal data was stolen. This data primarily consisted of contact details, including names, email addresses, and phone numbers.

While Workday has not definitively stated whether customer information was specifically accessed, they indicated “no indication of access to customer tenants or the data within them.” These tenants are typically utilized by corporate clients for storing extensive human resources records and employee personal data.

Potential Risks and Impact

Workday warns that the stolen information could be exploited for sophisticated social engineering attacks. These attacks involve manipulating or coercing individuals into divulging sensitive data.

With a substantial customer base exceeding 11,000 organizations and serving over 70 million users globally, the potential impact is significant. The breach was initially detected on August 6, as reported by Bleeping Computer.

Connection to Recent Cyberattacks

The compromised third-party database platform remains unidentified by Workday. However, this incident aligns with a growing trend of cyberattacks targeting Salesforce-hosted databases used by major corporations for customer data storage.

Recent victims of similar breaches include prominent companies such as Google, Cisco, Qantas, and Pandora, all experiencing substantial data theft from their Salesforce databases.

Attribution and Tactics

Google has attributed these breaches to the hacking group ShinyHunters. This group is known for employing voice phishing techniques to gain access to cloud-based databases by deceiving company employees.

ShinyHunters is believed to be preparing data leak sites to extort victims, mirroring the operational model of ransomware gangs.

Limited Disclosure from Workday

A Workday spokesperson, Connor Spielmaker, offered no further comment beyond the initial blog post. Questions regarding the number of affected individuals and the specific data compromised – whether belonging to Workday employees or its corporate customers – remained unanswered.

The company also declined to disclose whether it possesses the technical capabilities, such as logs, to determine the extent of customer data exfiltration.

Search Engine Visibility Concerns

Notably, Workday’s blog post announcing the breach included a “noindex” tag in its source code at the time of publication. This tag instructs search engines to exclude the page from search results, potentially hindering public awareness.

The rationale behind concealing this data breach notification from search engines remains unclear.

Further Information

Individuals with information regarding the Workday data breach or attacks targeting Salesforce databases are encouraged to contact the reporter securely via encrypted message.

Updated with a response from Workday.

We’re always looking to evolve, and by providing some insight into your perspective and feedback into TechCrunch and our coverage and events, you can help us! Fill out this survey to let us know how we’re doing and get the chance to win a prize in return!