Workday Data Breach Exposes HR Records via Third-Party CRM Hack

Enterprise software giant Workday has disclosed a security incident involving unauthorized access to employee information through a compromised third-party customer relationship management (CRM) platform.

The breach, discovered as part of a broader social engineering campaign targeting multiple large organizations, has raised concerns about supply chain security risks in the enterprise software sector.

Incident Details and Scope

According to Workday’s official statement, threat actors successfully infiltrated the company’s third-party CRM system following a sophisticated social engineering campaign.

The attackers contacted employees through text messages and phone calls, impersonating human resources and IT personnel to trick staff into surrendering account credentials and personal information.

The compromised data primarily consisted of standard business contact information, including employee names, email addresses, and phone numbers.

Workday emphasized that customer tenant data remained secure, with no evidence suggesting unauthorized access to client information or the core Workday platform infrastructure.

“There is no indication of ...