Workday warns of CRM breach after social engineers make off with business contact details

Workday has admitted that attackers gained access to one of its third-party CRM platforms, but insists its core systems and customer tenants are untouched.

In a short blog posted late last week, Workday disclosed that crooks sweet-talked staff by posing as HR or IT, and in doing so waltzed off with "some information" from an unnamed CRM system.

The company stressed there was "no indication" anyone had obtained customer data stored inside Workday's flagship SaaS apps.

"We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future," Workday said, while failing to mention how long the attackers had access or what exact measures were taken to avoid such future incidents.

The biz hasn't said which CRM platform was targeted either, but said the attackers' loot appears to be limited to "primarily commonly available business contact information, like names, email ...