Protecting You From Social Engineering Campaigns: An Update From Workday
At Workday, trust and transparency guide everything we do. We want to let you know about a recent social engineering campaign targeting many large organizations, including Workday.
In this campaign, threat actors contact employees by text or phone pretending to be from human resources or IT. Their goal is to trick employees into giving up account access or their personal information.
We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.
The type of information the actor obtained was primarily commonly available business contact information, like names, email addresses, and phone numbers, potentially to further their social engineering scams.
It’s important to remember that Workday will never contact anyone by phone to request a password or any other secure details. All official communications from Workday come through our trusted support channels.
To learn more about what Workday does to secure our data and that of our customers, please visit our Security and Trust page.
More Reading
-
-
Workday Secures Independent Verifications of Its Approach to Responsible AI
We’re not only building AI that serves our customers needs, but we’re doing so responsibly. We understand that a high quality responsible AI governance framework facilitates AI innovation and adoption because it helps drive trust.
-
Our Commitment to Our European Customers
Empowering our global customers to thrive has always been at Workday’s core and in today's dynamic geopolitical and AI regulatory landscape, particularly in the European Union, we are focused on providing customers with the tools and assurances they need to confidently adapt to today’s uncertainty.
