Workday Confirms Data Breach as WarLock Ransomware Hits Colt

Human-resources software provider Workday said attackers accessed a third-party customer relationship database and stole personal information such as names, email addresses and phone numbers. The company, which serves about 11,000 corporate customers and 70 million users, said it has “no indication” that its core customer systems were breached but warned the stolen data could be used in social-engineering scams. Workday discovered the intrusion on Aug. 6 and publicly disclosed it late on Aug. 18. Authorities and affected clients have been notified, and an internal investigation is under way. In a separate incident, Colt Technology Services experienced a multi-day outage after a cyberattack that forced the London-based telecom carrier to take parts of its IT network offline. A group calling itself WarLock claimed responsibility and has advertised what it says are one million Colt documents for sale on a dark-web forum for US$200,000. Colt said the affected internal system is separate from customer infrastructure and that some services have been restored while forensic work continues. The two disclosures add to a string of recent cyber incidents, including reported hits on Hitachi and South Korea’s Welcome Financial Group, highlighting continued pressure on corporate defenses. Law-enforcement agencies have been alerted, but neither Workday nor Colt has commented on any ransom demands or whether customer data has been definitively exposed.