The Target: Workiva, a leading cloud-based SaaS (Software as a Service) provider.
The Take: The threat actors exfiltrated a limited set of business contact information, including names, email addresses, phone numbers, and support ticket content.
The Vector: Workiva notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.