HR Giant Workday Says Hackers Stole Personal Data in Recent Breach
Workday, one of the largest providers of human resources technology, has confirmed a data breach that allowed hackers to steal personal information from one of its third-party customer relationship databases. In a blog post published late Friday, the HR technology giant revealed that the hackers stole an unspecified amount of personal information from the database, which Workday said was primarily used to store contact information, such as names, email addresses, and phone numbers.
Workday did not explicitly rule out that customer information was taken in the data breach, stating only that there was “no indication of access to customer tenants or the data within them,” which corporate customers typically use to store the bulk of their human resources files and employees’ personal data. The company said the stolen information may be used to further social engineering scams, where hackers trick or threaten victims into giving them access to sensitive data.
Workday has more than 11,000 corporate customers, serving at least 70 million users around the world, per the company’s website. This breach highlights the vulnerability of even large and reputable companies like Workday, which is widely used by businesses globally.
A Recent Pattern of Cyberattacks Targeting Salesforce-Hosted Databases
In recent weeks, Google, Cisco, airline giant Qantas, and retailer Pandora have all had reams of data stolen from their Salesforce databases. Google attributed the breaches to ShinyHunters, a group of hackers known for using voice phishing to steal corporate data by tricking company employees into granting them access to their cloud-based databases.
Google said ShinyHunters was likely in the process of preparing a data leak site to extort its victims into paying the hackers to delete the data, akin to how ransomware gangs operate. This recent spate of cyberattacks targeting Salesforce-hosted databases is a concerning trend that highlights the need for companies to strengthen their cybersecurity measures.
Workday's Response and Lack of Transparency
Connor Spielmaker, a spokesperson for Workday, did not provide any additional information beyond what was shared in the blog post. When asked whether Workday knows how many individuals had data stolen or who the stolen data relates to, such as Workday employees or Workday’s corporate customers, he refused to respond.
Workday would also not say if it has the technical means, such as logs, to determine what customer data was exfiltrated. As of the time of publication, Workday's blog post disclosing the breach contained a hidden “noindex” tag in its source code, which instructs search engines to ignore the page, making it difficult for anyone searching the web to find the page.
A Call for Transparency and Better Cybersecurity Measures
The incident raises questions about the transparency of companies like Workday when it comes to data breaches. Why is Workday hiding its data breach notification from search engines? Is this an attempt to avoid scrutiny or simply a mistake?
In any case, the incident highlights the need for companies to prioritize cybersecurity and take proactive measures to protect their customers' personal data. It also underscores the importance of transparency in such incidents, so that affected individuals can get the help they need.
What You Can Do
If you have been notified about a data breach or suspect that your personal information has been stolen, take action immediately. Securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal to get more information and support.
You can also fill out our survey to let us know how we’re doing and provide feedback into TechCrunch and our coverage and events. Your input will help us improve our reporting and provide better content for you.