Workday confirmed a security incident in which attackers accessed a third-party customer relationship database and stole personal contact information (names, emails, phone numbers). Workday says there’s no indication of access to customer tenants or HR records. The breach aligns with a broader wave of vishing-led intrusions against Salesforce-hosted databases at major firms (e.g., Google, Cisco, Qantas, Pandora) attributed to ShinyHunters/UNC6040, raising near-term risks of targeted social-engineering scams against HR and vendor contacts.

August 18, 2025 – HR technology leader Workday has confirmed a new security incident, underscoring the rising threat of social engineering attacks against enterprise systems.

In a statement released on its blog, the company disclosed that attackers gained unauthorized access to a third-party customer relationship management (CRM) platform and stole business contact information, including names, phone numbers, and email addresses.

Workday emphasized that its core systems remain secure and that no sensitive customer or employee HR data was exposed. Still, the company has cut off access to the compromised systems and is urging clients to stay alert, warning that the stolen contact details could be exploited in phishing or fraud campaigns.

Part of a Broader Campaign

Investigators believe the incident is linked to a wider campaign targeting Salesforce CRM environments at several major global firms. In recent months, companies such as Google, Cisco, Qantas, and Pandora have also reported similar breaches.

Threat groups including Scattered Spider and ShinyHunters are suspected to be behind the activity. These groups rely heavily on social engineering techniques—often impersonating HR or IT staff via phone calls and text messages—to trick employees into granting access to corporate systems.

Human Factors in Security

The Workday incident serves as another reminder that while cloud platforms and enterprise applications continue to underpin global business operations, attackers are increasingly exploiting human vulnerabilities rather than technical flaws.

Security experts caution that vigilance, identity verification, and robust defenses against social engineering are becoming as critical as traditional safeguards like firewalls and encryption. Workday’s case reinforces the urgency for enterprises to strengthen multi-factor authentication, restrict connected applications, and prioritize security awareness training.

Source: Workday official blog, industry media reports