Workday says hackers used social engineering to access personal data during a breach

Human resources technology company Workday has confirmed that a data breach has affected its third-party CRM platform. In a blog post announcing the breach, the company said that a social engineering campaign had targeted its employees, with threat actors posing as IT or HR in order to trick employees into sharing account access or personal information.

The company says that while the threat actors were able to access some information from the CRM, there is no indication of any access to customer accounts or the data within them. "We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future," the post reads. Workday says that the information gathered from the CRM consists of "commonly available" business contact information such as names, email addresses and phone numbers. From the sound of its blog post, the information of Workday end users ...