Workday Notifies of Phishing Campaign, No Customer Data Breached
PorAinvest
lunes, 18 de agosto de 2025, 11:58 am ET1 min de lectura
WDAY--
The breach was discovered earlier this month, with Workday notifying customers on August 6. The company stated that the information accessed was primarily commonly available business contact information, and there is no indication that customer tenants or the data within them were compromised [1].
The attack is believed to be part of a broader campaign by the extortion group known as ShinyHunters, which has targeted several high-profile companies, including Adidas and Google, using similar tactics. ShinyHunters has been known to demand ransoms to prevent the data from being leaked [2].
Workday emphasized that the company will never contact customers directly to request passwords or other secure details. Customers were advised to be cautious of any such requests and to verify the authenticity of communications through trusted support channels [1].
In response to the breach, Workday has implemented additional security measures to protect against similar incidents in the future. The company has also provided clear guidance to customers, reminding them of the importance of verifying communications and being vigilant against phishing attempts [1].
This incident underscores the ongoing threat posed by social engineering attacks and the importance of robust cybersecurity measures. As companies continue to rely on third-party platforms for various services, the risk of such breaches remains a significant concern for both businesses and their customers [2].
References:
[1] https://www.hrgrapevine.com/us/content/article/2025-08-18-hr-giant-workday-notifies-customers-of-data-breach-after-salesforce-cyberattack
[2] https://www.infosecurity-magazine.com/news/workday-reveals-crm-breach/
Workday has disclosed that bad actors accessed company information through a phishing campaign targeting employees. The attackers obtained common business contact information, such as names, email addresses, and phone numbers, to further social engineering scams. Workday has taken action to cut access and add extra safeguards to prevent similar incidents in the future.
Workday, a leading human resources software provider, has disclosed that bad actors gained access to company information through a phishing campaign targeting employees. The attackers obtained common business contact information, such as names, email addresses, and phone numbers, to further social engineering scams. Workday has taken action to cut access and add extra safeguards to prevent similar incidents in the future.The breach was discovered earlier this month, with Workday notifying customers on August 6. The company stated that the information accessed was primarily commonly available business contact information, and there is no indication that customer tenants or the data within them were compromised [1].
The attack is believed to be part of a broader campaign by the extortion group known as ShinyHunters, which has targeted several high-profile companies, including Adidas and Google, using similar tactics. ShinyHunters has been known to demand ransoms to prevent the data from being leaked [2].
Workday emphasized that the company will never contact customers directly to request passwords or other secure details. Customers were advised to be cautious of any such requests and to verify the authenticity of communications through trusted support channels [1].
In response to the breach, Workday has implemented additional security measures to protect against similar incidents in the future. The company has also provided clear guidance to customers, reminding them of the importance of verifying communications and being vigilant against phishing attempts [1].
This incident underscores the ongoing threat posed by social engineering attacks and the importance of robust cybersecurity measures. As companies continue to rely on third-party platforms for various services, the risk of such breaches remains a significant concern for both businesses and their customers [2].
References:
[1] https://www.hrgrapevine.com/us/content/article/2025-08-18-hr-giant-workday-notifies-customers-of-data-breach-after-salesforce-cyberattack
[2] https://www.infosecurity-magazine.com/news/workday-reveals-crm-breach/
Divulgación editorial y transparencia de la IA: Ainvest News utiliza tecnología avanzada de Modelos de Lenguaje Largo (LLM) para sintetizar y analizar datos de mercado en tiempo real. Para garantizar los más altos estándares de integridad, cada artículo se somete a un riguroso proceso de verificación con participación humana.
Mientras la IA asiste en el procesamiento de datos y la redacción inicial, un miembro editorial profesional de Ainvest revisa, verifica y aprueba de forma independiente todo el contenido para garantizar su precisión y cumplimiento con los estándares editoriales de Ainvest Fintech Inc. Esta supervisión humana está diseñada para mitigar las alucinaciones de la IA y garantizar el contexto financiero.
Advertencia sobre inversiones: Este contenido se proporciona únicamente con fines informativos y no constituye asesoramiento profesional de inversión, legal o financiero. Los mercados conllevan riesgos inherentes. Se recomienda a los usuarios que realicen una investigación independiente o consulten a un asesor financiero certificado antes de tomar cualquier decisión. Ainvest Fintech Inc. se exime de toda responsabilidad por las acciones tomadas con base en esta información. ¿Encontró un error? Reportar un problema
Comentarios
Aún no hay comentarios