Data Breaches

Workday Data Breach Bears Signs of Widespread Salesforce Hack

Workday appears to have joined the list of major companies that had their Salesforce instances targeted by hackers. 

Workday data breach

HR and finance giant Workday has disclosed a data breach that may be the result of an attack launched as part of a widespread campaign.

Workday said threat actors gained access to a third-party customer relationship management (CRM) system and obtained “commonly available business contact information” such as names, phone numbers, and email addresses.

The company, which has over 20,000 employees, said the attack was part of a social engineering campaign that hit many large organizations recently. 

In this campaign, attackers call or text employees at the targeted organization, claiming to represent IT or HR in an effort to trick them into handing over personal information or account access.  

“There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future,” Workday said.

The HR firm believes the information obtained by the attackers may be useful for other social engineering attempts. 

Advertisement. Scroll to continue reading.

Based on its brief description of the incident, the company may have joined a long list of major organizations whose Salesforce instances were targeted recently by the notorious cybercrime groups Scattered Spider and/or ShinyHunters, which may have merged recently.

The list of companies apparently targeted in this campaign includes Adidas, Allianz Life, Cisco, Dior, Louis Vuitton, Google, and Air France and KLM.

The attackers are relying on social engineering to gain access to targeted Salesforce instances and the attacks do not seem to involve exploitation of a vulnerability or access to Salesforce systems. 

Related: Manpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000

Related: Connex Credit Union Data Breach Impacts 172,000 People

Related: Columbia University Data Breach Impacts 860,000

Related: French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers

Related Content

Data Breaches

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Data Breaches

The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version