Workday, a leading global human resources software provider, has confirmed that hackers accessed and stole personal information from one of its third-party customer relationship management databases. The compromised data primarily included contact details such as names, email addresses, and phone numbers.
In a blog post published late last week, Workday stated there was “no indication of access to customer tenants or the data within them,” which are the main repositories for corporate HR files and employee information. However, the stolen data could be used to facilitate social engineering attacks, where fraudsters manipulate victims to reveal further sensitive information.
The breach, detected on August 6, affects a platform used by one of Workday’s third-party providers, although the company has not named it. This incident follows a series of recent cyberattacks targeting Salesforce-hosted databases at major firms including Google, Cisco, Qantas Airways, and Pandora.
Google has linked these attacks to the hacker group ShinyHunters, known for using voice phishing to deceive employees into granting access to cloud databases. Google believes ShinyHunters was preparing an extortion campaign to pressure victims into paying ransoms to prevent data leaks.
Workday’s spokesperson Connor Spielmaker declined to provide further details on the scope of the breach or the individuals affected. Notably, Workday’s breach notification page includes a “noindex” tag in its source code, preventing the disclosure from appearing in search engine results, though the reason for this remains unclear.