Technology

Workday reports data breach, customer data safe

19 August 2025

The company quickly assured customers that there were no signs of customer data being stolen, but business contact information was compromised.

Workday has reported a data breach after attackers gained access to its third-party customer relationship management (CRM) system.

The HR software giant had detected the breach earlier in August and has alerted customers that their business information may have been exposed.

“The type of information the actor obtained was primarily commonly available business contact information, like names, email addresses, and phone numbers, potentially to further their social engineering scams,” the company wrote in a blog post on Friday.

Workday said the attackers contacted employees via text or phone, pretending to be Human Resources or IT staff, in an attempt to trick them into revealing account details or personal information.

While the identity of the attackers was not disclosed, multiple media outlets have attributed the breach to ‘ShinyHunters’, a criminal hacker group.

According to cybersecurity news website BleepingComputer, ShinyHunters is linked to a series of attacks targeting Salesforce CRM instances earlier this year. In recent weeks, Cisco, Qantas, Pandora, and Google have reported data theft from their Salesforce databases.

During such attacks, the attackers would trick employees into linking a malicious app to their company’s Salesforce database. The link is then used to access and steal from the company’s databases, with the stolen data later being held for ransom.

While no cases of extortion or data leaks connected to ShinyHunters have been made public, it is believed that victims are sent extortion messages discreetly via email. When such attempts fail, the stolen information is released in a long wave of leaks.

Workday assured its customers that there is ‘no indication’ that the attackers gained access to customer data, and it has placed additional safeguards to protect against future breaches.

“We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future,” the company said.

Workday also reminded customers that it will never contact anyone by phone to request passwords and all official communications pass through verified support channels.

Headquartered in Pleasanton, California, Workday provides a range of financial and human capital management platforms. Its customer list comprises more than 11,000 organisations across a wide range of industries, including over 60% of Fortune 500 companies.

The company also made headlines earlier in July after it was ordered by a US federal court to disclose customers who used a controversial third-party AI tool integrated into their recruitment platform. According to the ruling, the HiredScore AI technology discriminated against job applicants aged 40 years old and above.

Topics

#Cyber Security

Author

Alvin Ybañez