The UBC Integrated Service Centre and the UBC Cybersecurity team are aware of recent news regarding a data breach involving Workday Community. Workday Community is Workday's official online platform where customers get support and access resources about Workday products. It is used only by staff providing technical Workday support across UBC, and is completely separate from UBC's Workday system, which manages HR, student, and finance data.
Please note:
- This breach affects Workday Community only. It does not involve the UBC Workday system.
- Workday Community does not contain any UBC Workday data.
- CWL accounts are not compromised.
- UBC Workday data is not compromised.
Attackers may attempt to exploit the publicity of this breach to launch phishing campaigns. Be extra vigilant, particularly with emails or messages claiming to be about Workday account security. These may urge you to click on a link to "recover your password" or "secure your account".
What you should do:
- Always be aware of emails with a yellow banner stating [CAUTION: Non-UBC Email].
- Never click links or provide your CWL credentials to non-UBC websites.
- If you receive a suspicious email, or if you believe you may have entered your credentials into a fraudulent site, report it immediately to UBC Cybersecurity at security@ubc.ca.
- Remember: UBC will never contact you to request your password or MFA code.
UBC is conducting a thorough review and will provide direct communication to any affected parties as necessary.
