The US company was affected by a social engineering campaign that bears similarities to a recent wave of attacks by extortion group ShinyHunters.
Enterprise software company Workday recently suffered a data breach after threat actors targeted a third-party customer relationship management (CRM) platform. According to a blogpost by the US company on Friday (15 August), threat actors gained access to information stored on the CRM platform through a social engineering campaign that targeted multiple large organisations.
Read more…
Source: SiliconRepoblic News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- HSBC warns UK business banking customers of third-party data breach
September 30, 2025
HSBC has warned business banking customers that personal identification documents submitted during account applications may have been compromised following unauthorised access to a third-party platform. In an email sent to customers earlier this month, the bank confirmed that identity documents, images and contact details provided when opening a business account were exposed in the breach. HSBC ...
- ‘Widespread’ breach let hackers steal employee data from FEMA and CBP
September 29, 2025
A “widespread cybersecurity incident” at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection, according to a screenshot of an incident overview presentation obtained by Nextgov/FCW. The hack is also suspected to have later triggered the dismissal of two dozen ...
- UK: Harrods’ customers details stolen in data breach
September 27, 2025
Harrods has warned some of its customers that their personal data may have been taken in an IT systems breach, months after it was targeted by a suspected cyber attack in May. The luxury department store said customer names and contact details have been taken after one of its third-party provider systems was compromised. It said ...
- India: Thousands of bank transfer records found spilling online after security lapse
September 26, 2025
A data spill from an unsecured cloud server has exposed hundreds of thousands of sensitive bank transfer documents in India, revealing account numbers, transaction figures, and individuals’ contact details. Researchers at cybersecurity firm UpGuard discovered in late August a publicly accessible Amazon-hosted storage server containing 273,000 PDF documents relating to bank transfers of Indian customers. Read more… Source: ...
- US federal agency breached by hackers using GeoServer exploit
September 24, 2025
In mid-July 2024, a threat actor managed to break into a US Federal Civilian Executive Branch (FCEB) agency by exploiting a critical remote code execution (RCE) vulnerability in GeoServer, the government has confirmed. In an in-depth report detailing the incident, the US Cybersecurity and Infrastructure Security Agency (CISA) outlined how the attackers leveraged CVE-2024-36401, a 9.8/10 ...
- Stellantis detects breach at third-party provider for North American customers
September 22, 2025
Stellantis detected unauthorized access to a third-party service provider’s platform that supports its North American customer service operations, the company said in a statement on Sunday. The automaker said the incident, which is under investigation, exposed only basic contact information and did not involve financial details or sensitive personal data. Stellantis did not specify how many ...