Workday Hit by Social Engineering Attack, Third-Party Data Exposed

Workday Hit by Social Engineering Attack, Third-Party Data Exposed

Workday Hit by Social Engineering Attack, Third-Party Data Exposed

Image: WhataWin/Adobe Stock

Workday’s recent data breach might be tied to ShinyHunters, a group accused of exploiting Salesforce CRM at firms like Google, Adidas, Qantas, and Louis Vuitton.

Aug 19, 2025

Workday, a leading provider of HR and financial software, confirmed that a recent social engineering scheme gave attackers entry to a third-party customer relationship management (CRM) platform. The breach did not compromise customer tenant systems or their stored data.

In a blog post on Friday, Workday said threat actors posed as internal staff through calls and text messages, deceiving some employees into sharing access details. While certain information was exposed, Workday stressed that its core platforms remained unaffected.

“We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data within them,” Workday said in its statement.

Workday clarified that the stolen records primarily involved general business contact details, such as names, email addresses, and phone numbers — information that could be used in further social engineering scams.

Cybersecurity experts warn that even limited data of this kind can provide criminals with material for phishing or voice-based scams aimed at employees or customers.

According to BleepingComputer, which reviewed customer notifications, Workday detected the breach on Aug. 6. The company has not disclosed how many individuals or businesses were affected.

Similar to recent ShinyHunters attacks

Security researchers told BleepingComputer that the attack is consistent with a campaign linked to the ShinyHunters extortion group. That collective has been accused of exploiting Salesforce CRM systems at multiple global companies, among them Google, Adidas, Qantas, and Louis Vuitton.

In those cases, attackers reportedly trick employees into granting access to malicious apps within Salesforce systems, a tactic that enabled attackers to extract company data.

Must-read security coverage

Workday’s added safeguards and tips for customers

Workday emphasized that it acted quickly once the breach was detected. “We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future,” the company said.

In addition, Workday reminded customers that the company does not request sensitive details over the phone. “It’s important to remember that Workday will never contact anyone by phone to request a password or any other secure details. All official communications from Workday come through our trusted support channels,” the company added.

Read our report on how Apple’s password app slip exposed user security risks, and what this means for digital privacy in 2025.

Aminu Abdullahi

Aminu Abdullahi is a B2C and B2B technology and finance writer with more than six years of experience covering enterprise IT, cybersecurity, cloud computing, artificial intelligence, fintech, business software, and emerging technologies. He has written for a wide range of technical and business audiences, from IT professionals and cybersecurity leaders to small business owners, executives, and technology buyers. His work has appeared in publications including: TechRepublic eWEEK Channel Insider Geekflare Enterprise Networking Planet eSecurity Planet CIO Insight Webopedia With a background in computer science, Aminu specializes in translating complex technical subjects into clear, practical, and accessible content. His writing helps readers understand emerging technologies, evaluate business software, strengthen cybersecurity strategies, and make more informed decisions about technology investments. Across his work, Aminu focuses on the real-world impact of technology, connecting technical innovation with business value, operational efficiency, security, and long-term digital transformation.