No Indication that L&C Data Was Accessed in Workday’s Data Breach

The company Workday recently reported that a customer relationship management database they use was targeted by cyber criminals. There is no indication that the “threat actors” accessed the personal data of their customers’ platforms.

According to Workday, even if there was an indication that the hackers accessed customer data, the only personal data that could have been affected would have included first name, last name, work email address, and work phone number of the limited number of persons whose contact information was in the third-party customer relationship management database. Such information is already generally available on Lewis & Clark’s website.

This is a good opportunity to remind L&C employees of the need to be wary of potential bad actors. In this type of security incident, threat actors contact employees by text or phone pretending to be from Human Resources or IT. The goal is to trick employees into giving up account access or personal information. It is important to note that Workday will never contact anyone by email, text, or phone to request a password or other secure details. Similarly, Lewis & Clark’s IT department will never contact L&C employees by email, text or phone to request a password or other sensitive information.

Lewis & Clark’s Information Security team urges community members to always double-check when someone is asking for personal data and to remain vigilant. The team is closely monitoring the Workday situation and will reach out immediately if any additional information becomes available.

Employees should report any suspicious request or potential phishing message to security@lclark.edu or itservice@lclark.edu, and L&C’s Information Security team will investigate.