Daily NewsData Protection and Backup

Workday Admits Breach as Social Engineering Rears Ugly Head Yet Again

Data Breach Is Reportedly Due to an Employee Falling for Social Engineering Tactics

Photo of Martin Dale Bolima Martin Dale Bolima Send an email August 21, 2025
1 minute read
Workday

Social engineering. That’s how hackers breached Workday’s defences early this August, filfering away personal information from one of the company’s third-party customer relationship databases.

This much was admitted by Workday itself in a blog it published on Friday curiously titled “Protecting You From Social Engineering Campaigns: An Update From Workday.”

“At Workday, trust and transparency guide everything we do. We want to let you know about a recent social engineering campaign targeting many large organisations, including Workday,” the blog opened. “In this campaign, threat actors contact employees by text or phone pretending to be from human resources or IT. Their goal is to trick employees into giving up account access or their personal information.”

Workday Falls for Social Engineering

Bleeping Computer initially reported the breach. The site claims the data breach discovered as early as 6 August 2025. Google, meanwhile, said that the breach was committed by ShinyHunters, a group of hackers known for using voice phishing to steal corporate data by tricking company employees.

In the same blog, Workday also indicated there was “no indication of access to customer tenants or the data within them”—something corporate customers typically use to store the bulk of their human resources files and employees’ personal data. However, it should be noted that nowhere in the blog did the company rule out a breach of said tenants. This lack of such admission opens the possibility that this cyberattack could potentially be bigger than initially reported.

Moreover, Workday did not identify in said blog the breached third-party customer database platform and hasn’t done so as of press time. The data breach, though, comes from the heels of similar breaches targeting Salesforce-hosted databases used by large companies to store customer data. To date, GoogleCiscoairline giant Qantas, and retailer Pandora have all been breached, with voluminous amounts of data stolen from their Salesforce databases.

Workday, per the company’s website. has more than 11,000 corporate customers serving at least 70 million users worldwide.

Tags
Photo of Martin Dale Bolima Martin Dale Bolima Send an email August 21, 2025
1 minute read
Photo of Martin Dale Bolima

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Data&Storage Asia online portal. He also contributes to Cybersecurity ASIA and Disruptive Tech News, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.

Related Articles

AI at Work

Okta’s ‘AI at Work 2025: Majority of Decision-Makers View AI as Key to Business Strategies

August 15, 2025
SK Hynix

SK Hynix Expects AI Memory Market to Grow 30% Every Year Until 2030

August 12, 2025
Azumo

Azumo Identifies Four Everyday Tasks AI Best Augments Human Capability

August 12, 2025
Leaseweb

Leaseweb Launches Object Storage Solution in Singapore to Supercharge Regional Data Growth

August 8, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

(c) Asia Online Publishing Group 2024 - Media and PR enquiries - editor@aopg.net