Hackers broke into Workday’s systems this month—but not in the way you might expect. The HR software giant confirmed that attackers gained access to a third-party CRM platform it uses, stealing basic business contact details like names, emails, and phone numbers.
The breach was first spotted on August 6th, but Workday only disclosed it publicly on August 18th. The company stressed that customer tenant data—where sensitive HR and payroll records live—was untouched. Still, the stolen information could easily be weaponized in phishing or impersonation campaigns, especially given Workday’s massive footprint: more than 11,000 corporate clients and 70 million users worldwide.
Investigators say the attackers relied on social engineering—posing as HR or IT staff over calls and texts to trick employees into handing over access. It’s the same kind of low-tech but effective method that’s been plaguing companies from Okta to Twilio in recent years.
Workday says it has locked down the compromised system and rolled out “enhanced safeguards,” but didn’t share how long attackers had access or the exact remediation steps taken.
That lack of detail leaves some open questions. For example, leaked contact info could be used to target job seekers applying through LinkedIn integrations, with scammers posing as recruiters to harvest more sensitive personal data—a risk already flagged by users in online forums.
The bottom line —
even though the data exposed looks limited, CRM breaches hit where trust is most fragile—at the point of human contact. For companies relying on Workday, the safest bet is to step up phishing awareness, tighten access controls, and prepare staff for a new wave of well-crafted scam attempts.