Human resources firm Workday disclosed a data breach

Human resources firm Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering.

Workday is a cloud-based software company that specializes in enterprise applications for human capital management (HCM), financial management, and planning.

The company provides services to over 11,000 organizations, including over 60% of Fortune 500 firms.

The HR firm has disclosed a data breach after threat actors compromised a third-party customer relationship management (CRM) platform in a recent social engineering attack.

Attackers pose as HR or IT via text or phone to trick employees into revealing account credentials or personal data.

“We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform.” reads the statement published by the HR giant. “There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.”

The compromised data was primarily commonly available business contact information, including names, email addresses, and phone numbers. The company warns that attackers may use the exposed data to further their social engineering scams.

“It’s important to remember that Workday will never contact anyone by phone to request a password or any other secure details. All official communications from Workday come through our trusted support channels.” concludes the statement.

BleepingComputer reported that, according to a data breach notification sent to impacted customers, Workday discovered the breach on August 6.

It is unclear if the breach is linked to a ShinyHunters campaign targeting Salesforce CRM via social engineering and voice phishing. Attackers trick employees into authorizing malicious OAuth apps, enabling database theft later used for extortion. Victims include Adidas, Qantas, Allianz, and Google. The group, tied to major past breaches, began this campaign earlier in 2025.

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)