Workday announced a data breach after attackers gained access to a third-party customer relationship management (CRM) platform through a targeted social engineering campaign. The Pleasanton, California-based HR software giant employs more than 19,300 people and serves over 11,000 organizations across North America, EMEA and APJ, including more than 60% of the Fortune 500.
In a Friday blog, the company said the attackers gained access to information stored on the compromised CRM systems, but there is no indication that customer tenants or the data within them were accessed.
Workday noted that the information exposed was primarily commonly available business contact information – names, email addresses and phone numbers – that could be used in subsequent social‑engineering attempts.
The breach was discovered on August 6, with Workday saying the incident was identified almost two weeks prior to the disclosure.
Industry observers have described the incident as part of a broader wave of Salesforce data-theft attacks linked to the ShinyHunters extortion group, which targets Salesforce instances through social engineering and OAuth abuse. Related coverage has cited a wide range of brands affected by the same campaign, illustrating the reach of the operation. In related coverage, Tiffany & Co. was noted, with coverage linking to a source from Chosun.