Human resources giant Workday recently fell victim to a data breach after cybercriminals used social engineering tactics to access a third-party customer relationship management platform.
The California-based company serves over 11,000 organizations worldwide, including more than 60% of Fortune 500 companies.
What Happened in the Workday Attack
The breach occurred when threat actors successfully targeted Workday’s third-party CRM system through sophisticated social engineering methods.
Attackers contacted employees via phone and text messages, pretending to represent Human Resources or IT departments to trick workers into revealing sensitive account information.
Workday discovered the incident on August 6 and acted quickly to cut off unauthorized access. The company has since implemented additional security measures to prevent similar attacks.
Workday Data Breach Statement
Information Compromised
The stolen data primarily consisted of business contact details, including:
- Employee names
- Email addresses
- Phone numbers
Workday confirmed that customer tenant systems remained secure, with no indication that client data was accessed. However, the exposed contact information could potentially be used in future social engineering campaigns against other organizations.
Social Engineering Attack Explained (Image Source: Secureframe)
Connection to Larger Campaign
Security experts have linked this incident to a broader wave of attacks orchestrated by the ShinyHunters extortion group.
This cybercriminal organization has targeted multiple high-profile companies throughout 2025, including AT&T, Adidas, Qantas, Google, and several luxury brands like Louis Vuitton and Chanel.
The group typically tricks employees into connecting malicious OAuth applications to their company’s Salesforce instances, then uses those connections to steal databases and extort victims.
Workday reminds users that legitimate company communications never request passwords or secure details over the phone. All official support requests come through verified channels only.
TROYPOINT Tip: Never worry about identity theft again by using Aura which is TROYPOINT’s recommended identity theft protection.
Aura Identity Theft Protection Review
Final Thoughts
This Workday data breach highlights the growing threat of social engineering attacks targeting enterprise systems.
While customer data remained protected (according to Workday), the incident serves as a reminder for organizations to train employees on recognizing phishing attempts and implement strong verification procedures.
For more details on this story, refer to Workday’s press release and the report from Bleeping Computer.
We want to know your thoughts. What do you think about this story? Let us know in the comment section below!
Be sure to stay up-to-date with the latest streaming news, reviews, tips, and more by following the TROYPOINT Advisor with updates weekly.
🛑 DON’T SLEEP ON THIS
Surfshark VPN Exclusive Discount
Your online activity is monitored by your ISP, app/addon/IPTV devs, government, and all websites.
🔒 Become anonymous while streaming & downloading with Surfshark VPN
Save 87% with 24-Month Plan + Get 3 FREE Months
Use on Unlimited Devices & Share 1 Account with Entire Family
CLAIM DEAL HERE
This page includes affiliate links where TROYPOINT may receive a commission at no extra cost to you. Many times, visitors will receive a discount due to the special arrangements made for our fans. Learn more on my Affiliate Disclaimer page.
