Workday says hackers used social engineering to access personal data during a breach

Workday, a human resources technology company, has confirmed that a data breach has affected its third-party CRM platform. The breach was the result of a social engineering campaign targeting Workday employees, where threat actors posed as IT or HR personnel to trick employees into sharing account access or personal information. While the threat actors were able to access some information from the CRM, Workday has stated that there is no indication of any access to customer accounts or the data within them. The information gathered consists of commonly available business contact information, such as names, email addresses, and phone numbers. The company has acted quickly to cut the access and has added extra safeguards to protect against similar incidents in the future. However, the full scope of the hack may not be known until later, as is often the case with such incidents. Earlier this year, Workday had laid off around 1,750 employees, or 8.5% of its workforce, as it prioritized innovation investments like AI and platform development.