1. Website Planet
  2. >
  3. News
  4. >
  5. Workday Confirms Recent Data Breach
Workday Confirms Recent Data Breach

Workday Confirms Recent Data Breach

Headshot of Andrés Gánem Written by: Andrés Gánem
Headshot of Maggy Di Costanzo Reviewed by: Maggy Di Costanzo
Last updated: August 28, 2025
Human capital management giant Workday recently confirmed a breach into the database of one of its third-party customer relationship management (CRM) platforms. According to an August 15 release by the company, the hacker(s) only retrieved “commonly available business contact information.”

Cybersecurity news portal BleepingComputer reported that this incident appears to be part of an ongoing attack on the Salesforce CRM platform, which has also resulted in the breach of companies like Google, Cisco, Adidas, and more.

Workday is one of the largest human-resource (HR) companies in the world, offering cloud-based services to over 11,000 companies worldwide with an estimated user base of 70 million, per the company’s own website.

“We want to let you know about a recent social engineering campaign targeting many large organizations, including Workday,” reads the company’s official statement.

“We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data within them.”

Workday said the stolen information consisted of “commonly available business contact information, like names, email addresses, and phone numbers.”

The company confirmed no financial or confidential information was exposed. However, the stolen data could be used in the future for “phishing” attacks, where hackers use social engineering to get their victims to click on malicious links or reveal sensitive information.

This wave of attacks has been linked to the ShinyHunters extortion group and is commonly believed to have started as a social engineering attack targeting Salesforce employees. After the initial breach, hackers then illegally accessed the companies’ databases, giving them data that could be used for phishing or extortion.

As reported by BleepingComputer, a private message sent to potentially affected customers reveals that Workday originally learned of the attack as early as August 6.

“It’s important to remember that Workday will never contact anyone by phone to request a password or any other secure details. All official communications from Workday come through our trusted support channels,” continues the company’s release.

Phishing and other social engineering scams have been ramping up in 2025, affecting thousands of people worldwide. In May, hackers breached the largest crypto exchange in the world to access customer data, which could be used for further phishing schemes.

Andrés Gánem
Senior Writer:
Andrés Gánem
Andrés writes about a variety of topics aimed at helping business owners and merchants grow and manage their ventures. These topics include (but are not limited to) website building, web hosting, project management software, and credit card processing. Andrés has 3+ years of experience as a writer and content creator. He’s also worked as a project manager, website designer, and social media manager for a variety of science communication groups.

Maggy Di Costanzo
Editor:
Maggy Di Costanzo
Maggy Di Costanzo is an editor at Website Planet, specializing in reviews of e-commerce platforms, website builders, and web hosting services. With experience as a freelance AI content specialist, editor, and writer, she brings a versatile skill set from industries like marketing and real estate. When she’s not editing or staying updated on SEO trends, Maggy enjoys going on hikes with her dog, planning dinner parties, and tracking the stock market.

Follow our experts on
Rate this Article
4.0 Voted by 2 users
You already voted! Undo
This field is required Maximal length of comment is equal 80000 chars Minimal length of comment is equal 10 chars
Any comments?
Reply
View %s replies
View %s reply
More news
Show more
Reply to
0 out of minimum 50 characters
Complete your reply Complete your comment
The name is too short The name is too long The name contains invalid characters
The email is required The email is incorrect
Thank you, - your reply was submitted successfully! your comment was submitted successfully!
We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.
Popup final window
Share this blog post with friends and co-workers right now:
1 1 1
Thank you, , your comment was submitted successfully!

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Thank you for signing up!

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

1 1 1

So happy you liked it!

Share it with your friends!

1 < 1 1

Or review us on 1

3723292
50
5000
143203221