Workday, one of the world’s largest providers of human resources technology, has disclosed a data breach involving a third-party customer relationship management (CRM) database. The company confirmed in a blog post that hackers accessed personal information, including names, email addresses, and phone numbers.
While Workday emphasized that there is “no indication of access to customer tenants or the data within them,” it did not categorically rule out the exposure of customer-related information. These customer tenants typically contain the bulk of human resources files and employees’ sensitive data, leading to heightened concerns among corporate clients.
Data Protection and DPDP Act Readiness: Hundreds of Senior Leaders Sign Up for CDPO Program
The company warned that the stolen data could be used in social engineering attacks, where cybercriminals manipulate individuals into disclosing confidential details or granting system access. Security experts say this type of breach poses significant long-term risks, especially for companies dependent on cloud-based HR solutions.
Part of a Larger Pattern of Cloud Database Attacks
Workday has more than 11,000 corporate clients, serving over 70 million users globally, according to its website. The breach, discovered on August 6, is the latest in a string of cyberattacks targeting Salesforce-hosted databases. Recently, Google, Cisco, Qantas, and retailer Pandora also reported data theft incidents linked to their Salesforce systems.
Google attributed similar breaches to the hacker group ShinyHunters, known for voice phishing schemes that trick employees into revealing access credentials. According to reports, the group is likely preparing a dedicated data leak site to pressure companies into paying extortion fees, mirroring ransomware tactics.
Workday declined to specify the number of affected individuals or whether the stolen data belonged to its employees, its corporate customers, or both. Connor Spielmaker, a Workday spokesperson, said the company had no additional comment beyond the blog post. Adding to the controversy, Workday’s breach disclosure webpage contained a hidden “noindex” tag, preventing search engines from indexing the page. This move effectively makes it harder for affected individuals to discover the breach notification online. The reason for this decision remains unclear.
With the incident still under investigation, cybersecurity analysts caution that affected users should remain vigilant against phishing attempts, fraudulent calls, and suspicious emails in the coming weeks.