.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: Workday
Aug 22, 2025 8:39:43 AM
The Target: Workday, the cloud-based software company providing human resources systems
The Take: The threat actor was able to obtain what Workday described as “commonly available business contact information, like names, email addresses, and phone numbers,” which it speculated could be exploited “potentially to further their social engineering scams.”
The Vector: In its statement, the company said it “recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform,” although it did not identify which platform it uses.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
