AInvest Newsletter
Daily stocks & crypto headlines, free to your inbox
Workday Notifies of Phishing Campaign, No Customer Data Breached
ByAinvest
Monday, Aug 18, 2025 11:58 am ET1min read
Workday has disclosed that bad actors accessed company information through a phishing campaign targeting employees. The attackers obtained common business contact information, such as names, email addresses, and phone numbers, to further social engineering scams. Workday has taken action to cut access and add extra safeguards to prevent similar incidents in the future.
Workday, a leading human resources software provider, has disclosed that bad actors gained access to company information through a phishing campaign targeting employees. The attackers obtained common business contact information, such as names, email addresses, and phone numbers, to further social engineering scams. Workday has taken action to cut access and add extra safeguards to prevent similar incidents in the future.The breach was discovered earlier this month, with Workday notifying customers on August 6. The company stated that the information accessed was primarily commonly available business contact information, and there is no indication that customer tenants or the data within them were compromised [1].
The attack is believed to be part of a broader campaign by the extortion group known as ShinyHunters, which has targeted several high-profile companies, including Adidas and Google, using similar tactics. ShinyHunters has been known to demand ransoms to prevent the data from being leaked [2].
Workday emphasized that the company will never contact customers directly to request passwords or other secure details. Customers were advised to be cautious of any such requests and to verify the authenticity of communications through trusted support channels [1].
In response to the breach, Workday has implemented additional security measures to protect against similar incidents in the future. The company has also provided clear guidance to customers, reminding them of the importance of verifying communications and being vigilant against phishing attempts [1].
This incident underscores the ongoing threat posed by social engineering attacks and the importance of robust cybersecurity measures. As companies continue to rely on third-party platforms for various services, the risk of such breaches remains a significant concern for both businesses and their customers [2].
References:
[1] https://www.hrgrapevine.com/us/content/article/2025-08-18-hr-giant-workday-notifies-customers-of-data-breach-after-salesforce-cyberattack
[2] https://www.infosecurity-magazine.com/news/workday-reveals-crm-breach/
Ainvest News articles are AI-generated using advanced large language model (LLM) technology designed to analyze and synthesize publicly available data and news. While AI tools assist in producing initial drafts and insights, all AI generated content published on Ainvest is subject to comprehensive human editorial review before publication. A designated human editor reviews, verifies, and approves each article for factual accuracy, coherence, and compliance with AInvest Fintech Inc’s editorial and disclosure standards.
Despite these review procedures, the information provided may still contain inaccuracies, incomplete data, or time sensitive references due to the inherent limitations of AI generated analysis and evolving changes. The material is provided strictly for informational and educational purposes and does not constitute personalized investment, legal, or financial advice. Readers should independently verify all facts, figures, and statements before making any decision based on this content.
AInvest Fintech Inc. its affiliates, and partners accept no liability or responsibility for any direct or consequential losses arising from reliance on this content. All articles and analyses are subject to revision, update, or removal without prior notice to maintain accuracy and integrity in our publications.
Comments
No comments yet