August 18, 2025 – Workday, one of the world’s leading providers of human resources technology, has confirmed a security breach that exposed personal data stored in a third-party customer relationship database.

In a blog post released late Friday, the company stated that attackers accessed and stole an undisclosed amount of personal information. According to Workday, the compromised database primarily contained basic contact details such as names, email addresses, and phone numbers.

Workday clarified that, so far, there is no evidence that attackers gained access to customer tenants or the HR data typically managed within them. However, the stolen information could still be leveraged for social engineering schemes, where cybercriminals impersonate trusted contacts to deceive victims into revealing sensitive information or granting system access.

The breach reportedly occurred on August 6 and adds Workday to a growing list of enterprises impacted by large-scale data thefts involving Salesforce-hosted databases. Recently, major organizations including Google, Cisco, Qantas, and Pandora have also experienced breaches of this kind.

Google has linked many of these incidents to the ShinyHunters hacker group, known for using voice phishing (vishing) techniques to manipulate employees and gain unauthorized access to corporate cloud systems. Reports suggest the group may be preparing to extort victims by threatening to leak stolen data, a tactic similar to ransomware operations.

With over 11,000 corporate clients and at least 70 million users worldwide, Workday’s incident highlights the ongoing risk of third-party vulnerabilities and the importance of robust vendor risk management strategies.

When questioned further, Workday declined to provide specifics on the number of individuals affected or whether the compromised records belong to Workday employees or customers. It also remains unclear whether the company has sufficient logging or technical tools to fully identify what data was exfiltrated.

Interestingly, Workday’s official blog post on the breach included a “noindex” tag, preventing search engines from displaying the disclosure in search results. The reason behind this decision has not been made public.

Key Takeaways for Organizations:

• Third-party risks remain a critical exposure point: Even global enterprises face vulnerabilities through vendor and partner platforms.
• Social engineering is a primary threat vector: Stolen contact information, even if limited, can fuel phishing and vishing campaigns.
• Visibility and logging are essential: Companies must ensure robust monitoring to identify the scope of any breach.
• Transparency builds trust: Attempts to obscure breach notifications may raise concerns among customers and partners.

This incident underscores the growing sophistication of threat actors and the urgent need for strong cybersecurity governance, observability, and compliance strategies across all organizations.

Source: https://techcrunch.com/2025/08/18/hr-giant-workday-says-hackers-stole-personal-data-in-recent-breach