In August, a wave of coordinated cyberattacks showed just how vulnerable even the world’s largest organizations can be.

• Google confirmed that ShinyHunters (UNC6040) infiltrated its Salesforce environment through vishing, voice phishing calls where attackers posed as IT staff to trick employees. Business contact data and sales notes were stolen.

• Workday, a global HR software giant, revealed a nearly identical attack days later.

• And most recently, Air France-KLM joined the list of victims. Hackers linked to the same campaign exfiltrated loyalty program data, including millions of customer records.

  
  

The pattern is clear: this is not a one-off incident. It’s a coordinated wave of CRM-targeted attacks, and if Google, Workday, and Air France-KLM can fall victim, smaller businesses are just as exposed.

What This Means

Even “just contact data” is a goldmine for cybercriminals. With it, attackers can impersonate your vendors, customers, or executives to launch:

• Fake invoice scams

• Business email compromise (BEC)

• Credential harvesting

• Account takeovers

These threats often surface weeks later, long after the initial breach. And because they exploit CRM platforms and human behavior, not just a single company, the risks spill over to businesses of every size.

Our advice: Don’t wait for the call

It only takes one convincing phone call to open the door. That’s why TMCG helps businesses:

• Block vishing with callback verification codes and drills

• Lock down Salesforce and other CRM connected apps

• Enforce phishing-resistant MFA and single sign-on

• Monitor exports, purge stale data, and shrink what’s exposed

• Train staff to shut down scams before they spread

Act now

When cybercriminals can breach Air France-KLM, Google, and Workday in the same campaign, how safe do you think you are? It just takes one small entry point to ruin everything

👉 Schedule Your Free Consultation