August 19, 2025
Workday Breach Joins Growing Wave of CRM Attacks
HR and finance software company Workday has confirmed a data breach after attackers gained access to a third-party customer relationship management (CRM) system. The company said the hackers obtained business contact details such as names, phone numbers, and email addresses.
According to Workday, the incident was part of a larger social engineering campaign that has been targeting many well-known organisations. In these attacks, criminals pose as internal IT or HR staff, contacting employees by phone or text in an attempt to trick them into sharing login details or other sensitive information.
“There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future,” Workday said.
Security experts believe the compromised information, while not highly sensitive, could still be useful for future phishing or impersonation attempts. Workday is thought to be one of several high-profile organisations targeted in recent weeks.
Adidas recently confirmed a data breach after attackers accessed customer information through a third-party support provider. While Adidas was one of the high-profile targets, several other major companies were affected as well.
Investigators suspect the cybercrime groups Scattered Spider and ShinyHunters may be behind the campaign. These groups are known for their sophisticated social engineering tactics, which focus on exploiting human trust rather than technical vulnerabilities.
The incident highlights that attackers are increasingly focusing on third-party systems and employee manipulation rather than direct technical exploits. Experts warn that organisations need to enforce stronger authentication and keep a closer eye on third-party platforms to stay ahead of such threats.
