Workday, one of the largest providers of human resources technology, has confirmed a data breach that allowed hackers to steal personal information from one of its third-party customer relationship databases.
In a blog post published late Friday, the HR technology giant stated that hackers stole an unspecified amount of personal information from the database, which primarily stored contact details such as names, email addresses, and phone numbers. While Workday did not explicitly confirm whether customer data was taken, it noted there was no indication of access to customer tenants or the data within them. These tenants typically contain the bulk of corporate customers’ human resources files and employee data.
The company warned that the stolen information could be used in social engineering scams, where hackers manipulate or threaten victims into revealing sensitive data. Workday serves over 11,000 corporate customers and more than 70 million users worldwide, according to its website. Reports indicate the breach was discovered on August 6.
Workday did not name the affected third-party database platform, but the incident follows a recent wave of cyberattacks targeting Salesforce-hosted databases used by major companies. In recent weeks, Google, Cisco, airline giant Qantas, and retailer Pandora have all suffered data thefts from their Salesforce systems.
Google linked its breach to ShinyHunters, a hacking group known for voice phishing attacks that trick employees into granting access to cloud databases. Google suggested the group may have been preparing a data leak site to extort victims, similar to ransomware operations.
Workday spokesperson Connor Spielmaker declined to provide additional details beyond the company’s blog post. He did not answer questions about the number of affected individuals, whether the stolen data belonged to employees or corporate customers, or if Workday could determine what data was taken.
At the time of publication, Workday’s breach disclosure blog post included a hidden “noindex” tag in its source code, preventing search engines from displaying the page in search results. The reason for this decision remains unclear.
If you have information about the Workday breach or attacks on Salesforce databases, or if you have received a breach notification, you can securely contact the reporter via encrypted messaging.
This post has been updated with a response from Workday.