Workday Discloses Data Breach Involving Third-Party CRM Platform

By  |  August 18, 2025
 | 
Workday

Human resources and finance platform Workday suffered a data breach in which fraudsters accessed some information from its third-party customer relationship management (CRM) platform.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    The company was targeted by fraudsters in a social engineering campaign in which they contacted employees by text or phone, pretended to be from human resources or IT, and tricked employees into giving up account access or their personal information, Workday said in a Friday (Aug. 15) blog post.

    The data that was accessed included business contact information like names, email addresses and phone numbers, according to the post.

    “There is no indication of access to customer tenants or the data within them,” the post said. “We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.”

    Workday said in the post that the business contact information may be used by the fraudsters to “further their social engineering scams.”

    The company will never contact anyone by phone to request any secure details and all its official communications come through its trusted support channels, the post said.

    Advertisement: Scroll to Continue

    PYMNTS reported in May that data breaches have shown that the weakest links in the digital chain are often not the companies themselves, but the networks of third-party service providers and infrastructure enablers surrounding them.

    For example, German sportswear company Adidas announced in May that it suffered a data breach in which cybercriminals accessed customer data via a third-party customer service provider.

    Verizon’s 2025 Data Breach Investigations Report found that the share of data breaches that involved third parties such as suppliers, vendors, hosting partners and outsourced IT support providers reached 30% during the year ended Oct. 31, up from 15% the previous year.

    “While, to some extent, software vendors have long played a part in unintentionally increasing the attack surface for those who use their products and services, over the last two to three years, it has moved from the occasional (and typically minor to moderate) mishap to a much more widespread and insidious problem that can (and sometimes does) have a devastating effect on enterprises,” the report said.


    Recommended

    Meta Hires Apple Design Executive Alan Dye to Lead New Creative Studio

    Discount Retailers Drive Resurgent Demand for Retail Space

    Coinbase Partners with Banks on Crypto and Stablecoin Pilot Projects

    OpenAI Foundation to Disburse $40.5 Million in Grants to Nonprofits

    See More In: , , , , , , , , , ,