Investigators point to unauthorized access at a vendor’s database, with outside reporting linking the theft to a vishing-driven Salesforce campaign.
