HR software maker Workday confirms breach; hackers may have stolen personal data, company says: ‘We recently identified…’

Workday, a major provider of human resources technology, has confirmed a data breach that resulted in the theft of personal information from one of its third-party databases. In a blog post, the company announced that hackers stole an unspecified amount of data, primarily consisting of contact information such as names, email addresses, and phone numbers. The breach was part of a "social engineering campaign" that targeted several large organisations.

Workday

explained that in this campaign, threat actors contacted employees via text or phone, posing as HR or IT staff, to trick them into giving up account access or personal information.

What Workday said about the data breach

In its blog post, Workday wrote: “We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.”However, the company did not explicitly rule out the possibility that customer information was compromised, as corporate clients typically store most of their HR records and employees’ personal information with Workday.

Workday, which serves more than 11,000 corporate clients and at least 70 million users globally, reportedly detected it earlier this month. The company also did not clarify whether it has the technical capabilities, such as access logs, to confirm if any customer data was stolen.While the company did not disclose the name of the third-party customer database platform involved, the incident comes amid a wave of cyberattacks targeting Salesforce-hosted databases used by major corporations. In recent weeks, Google, Cisco, Qantas, and Pandora have all suffered data theft from their Salesforce systems.Google attributed these breaches to ShinyHunters, a hacking group known for using voice phishing to trick employees into granting access to cloud databases. The company added that ShinyHunters was likely preparing a data leak site to pressure victims into paying for data deletion, a tactic similar to ransomware operations.