Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Workday hit by cyberattack

Incident
First reported
Last updated
Happening score
H score 8
1 unique sources, 1 articles

Summary

Hide ▲

The Workday breach of a third-party CRM platform exposed some business contact information and raised social-engineering risk. Attackers posed as HR personnel to persuade employees to hand over information, and the compromised data included names, email addresses, and phone numbers. Workday said there was no indication customer tenant data was reached and that it blocked access to the compromised system.

Related Happenings

UNC6040 and UNC6395 Salesforce data theft and extortion campaign

Campaign
First: 13.09.2025 12:04 Last: 13.09.2025 12:04 Sources 1

About this happening: **Workiva** disclosed that attackers who accessed a **third-party CRM system** stole a **limited set of business contact information** from some customers, including names, email...

Latest development: 08.10.2025 03:17

Salesforce says it will not negotiate with or pay any extortion demand from Scattered Lapsus$ Hunters after the group launched a breachforums[.]hn data leak site to extort 39 companies whose data was stolen from Salesforce; the site now appears shut down and the domain uses surina.ns.cloudflare.com and hans.ns.cloudflare.com nameservers.

Open Happening

Timeline

  1. 18.08.2025 03:00 1 articles · 9mo ago

    ShinyHunters link raised for Workday CRM compromise

    Attribution Update

    The Workday CRM compromise was assessed as likely tied to ShinyHunters, a financially motivated group known for stealing data from large organizations, after attackers used phishing or vishing and impersonated HR or tech support to reach Salesforce CRM information. The same social-engineering pattern was described against Google, Air France, KLM, Adidas, Allianz, Tiffany & Co., Dior, and Louis Vuitton.

    Show sources
    Open in new tab
  2. 15.08.2025 03:00 1 articles · 9mo ago

    Workday confirms third-party CRM breach and blocks access

    Initial Disclosure

    Workday confirmed that attackers posed as HR personnel to persuade Workday employee(s) to share information and gain access to some information from Workday's third-party CRM platform. Workday said the accessed data was limited to commonly available business contact information such as names, email addresses, and phone numbers, that there was no indication of access to customer tenants or the data within them, and that it quickly blocked access to the compromised system.

    Show sources
    Open in new tab