Workday, a provider of human resources technology, has confirmed a data breach affecting one of its third-party customer relationship databases. The incident has raised concerns over the growing trend of cybercriminals exploiting cloud-hosted platforms used by major corporations.
Nature of the Breach
In a blog post published Friday, the company revealed that hackers accessed an undisclosed volume of personal data, mostly comprising contact details such as names, phone numbers, and email addresses. Workday clarified that there was “no indication of access to customer tenants or the data within them.” These tenants typically store human resources files and employees’ personal records.
The company also warned that the stolen information could be exploited in social engineering attacks, where cybercriminals manipulate or deceive victims to extract sensitive information. According to Bleeping Computer, the breach was detected on August 6.
Scale of Exposure
Workday serves over 11,000 corporate clients and supports at least 70 million users worldwide, according to TechCrunch. However, the company did not disclose the name of the compromised third-party database. The breach comes in the wake of a series of high-profile attacks targeting Salesforce-hosted systems, which have affected companies like Google, Cisco, Qantas, and Pandora.
Details of the Google Breach
In a related case, Google confirmed a breach of one of its Salesforce systems that stored contact data for small and medium businesses. The attack was attributed to a cybercriminal group known as UNC6040, which specializes in voice phishing, or “vishing.”
The attackers impersonated IT support staff during phone calls and tricked employees into authorizing malicious software connected to Google’s Salesforce environment. Google noted that the data stolen was mostly publicly available, and the breach was detected and stopped quickly.
UNC6040’s Techniques
The UNC6040 group is notorious for targeting Salesforce platforms by misusing tools such as the “Data Loader” app, a legitimate tool for handling bulk data. Hackers often disguise their malicious software with names like “My Ticket Portal” to deceive employees during phishing calls.
As incidents like these increase, security experts warn that even limited contact information can be leveraged to launch far more damaging attacks, making employee awareness and stronger verification protocols critical in preventing future breaches.