A data breach has been exposed in Workday's Customer Relationship Management system
Workday, a leading business software giant, has recently suffered a data breach. The attack, which is strikingly similar to recent campaigns carried out by the cybercriminal group known as Lapsus$ or related affiliates, allows the attackers to access the corporate Salesforce database and exfiltrate its contents.
The compromised data in the attack was primarily business contact information, including names, email addresses, and phone numbers. This breach is linked to a third-party Customer Relationship Management (CRM) platform. Firms such as LVMH, Chanel, Pandora, Adidas, Qantas, Google, and Air France-KLM have had data compromised in this way.
The attack on Workday is reminiscent of the ShinyHunters group's modus operandi. ShinyHunters targets employees with vishing calls impersonating IT helpdesk or HR. In these campaigns, employees are tricked into downloading an OAuth app or handing over their credentials. The compromised data is then held to ransom.
ShinyHunters has been linked to the Scattered Spider collective, which has been blamed for multiple ransomware attacks on UK retailers earlier this year. No specific information about the ShinyHunters or the Chanel and Pandora breaches was provided in the earlier paragraphs or this one.
In response to the data breach, Workday acted quickly to cut the access and added extra safeguards to protect against similar incidents in the future. The company issued a statement on Friday, mentioning that threat actors were able to access some information from Workday's third-party CRM platform.
A recent ReliaQuest report suggests that financial services firms could be next on the target list. Workday, however, assures that there is no indication of access to customer tenants or the data within them. The company is currently working closely with law enforcement and forensic experts to investigate the incident further.
While an image credit was given for the article, it does not contain any factual information. As the investigation continues, Workday and the affected firms will provide updates on the situation. Until then, it is crucial for all businesses to remain vigilant against social engineering campaigns and to reinforce their security measures to protect against such threats.
