Workday, a leading provider of human resources technology, has disclosed a data breach resulting from unauthorized access to a third-party customer relationship management (CRM) platform. The breach, identified on August 6, 2025, involved the theft of personal contact information, including names, email addresses, and phone numbers. The company has assured that there is no evidence of access to customer tenants or the data within them.
The compromised CRM system primarily stored business contact details. Workday has cautioned that the stolen information could be exploited in social engineering scams, where attackers manipulate individuals into divulging sensitive data.
This incident is part of a broader trend of cyberattacks targeting Salesforce-hosted databases. In recent weeks, companies such as Google, Cisco, Qantas, and Pandora have reported similar breaches. Google has attributed these attacks to the hacking group ShinyHunters, known for using voice phishing techniques to gain unauthorized access to cloud-based databases.
Workday has taken immediate action to terminate the unauthorized access and has implemented additional safeguards to prevent future incidents. The company has not disclosed the specific third-party CRM platform involved. As of now, Workday has not provided details on the number of individuals affected or the specific nature of the stolen data.
The company has also noted that its blog post disclosing the breach contains a noindex tag, instructing search engines to ignore the page, which may make it difficult for individuals searching the web to find the notification.
