Workday Discloses CRM Breach as ShinyHunters Target Large Firms

Human-resources software provider Workday said attackers used a social-engineering campaign to break into one of its third-party customer-relationship management platforms and remove business contact information, including names, email addresses and phone numbers. The company detected the intrusion on 6 August and disclosed it late on 18 August, adding that logs show no evidence the hackers reached customers’ HR data or other core systems. Workday, whose cloud tools are used by about 11,000 companies and 70 million workers, said it has cut off the unauthorised access and tightened internal security. The stolen details could be used to mount further phishing schemes, the Pleasanton, California-based company warned in notifications sent to clients. Cyber-security researchers have linked the incident to ShinyHunters, a group blamed for recent thefts from Salesforce-hosted databases at Google, Cisco, Qantas and other large firms. The same campaign is also thought to be behind a July breach at insurer Allianz Life that exposed records of roughly 1.1 million customers, according to data-breach tracker Have I Been Pwned. Workday has not commented on the attribution but said multiple big organisations were targeted in the same wave of attacks.