An illuminated laptop keyboard.

By Chris Spiker From Daily Voice

Workday says attackers obtained employee contact information in a recent breach, but did not reach customer human resources systems.

In a blog post, Workday confirmed that hackers accessed personal data in a cyberattack that targeted the software giant earlier in August. The breach was discovered on Aug. 6, Bleeping Computer reported.

The breach involved a third-party customer database platform, exposing data like employee names, email addresses, and phone numbers.

"There is no indication of access to customer tenants or the data within them," Workday wrote. "We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future."

Workday also said the breach came from a "social engineering scam." That's when attackers impersonate HR or IT staff to steal sensitive information.

The attack follows a series of recent breaches of Salesforce-hosted databases affecting companies like Google, Cisco, Qantas, and Pandora. Google said the group ShinyHunters, known for “vishing” schemes, was likely behind those incidents and may attempt to extort victims by threatening to leak stolen data.

Workday, which provides payroll and HR services to more than 11,000 organizations, has about 70 million users worldwide.