Workday Data Breach: How a Hack of the HR Giant Is Putting Millions at Risk of Scams

One of the largest providers of human resources technology, Workday, has confirmed a data breach that compromised personal information stored in a third-party database. 

The breach is one of many in recent days, leaving many wondering why industry leaders that handle sensitive data are not better equipped to prevent cyberattacks. 

What Happened With the Workday Data Breach?

On August 6, 2025, hackers infiltrated one of Workday’s third-party customer relationship databases and stole an unspecified amount of personal data. 

According to Workday, the exposed information included names, email addresses, and phone numbers. 

While the company said there is “no indication” that its customer tenants or human resources files were accessed, it has not ruled out the possibility that customer information was also stolen.

With more than 11,000 corporate customers and at least 70 million users worldwide, Workday’s breach could impact millions of employees and business contacts.

What This Means for You

Even seemingly basic information, such as your name, email, and phone number, can be weaponized by hackers. Cybercriminals often use this type of data for social engineering scams, where they pose as trusted sources to trick victims into handing over sensitive details like Social Security numbers, passwords, or banking information.

In many cases, this can lead to identity theft, financial fraud, and long-term security risks for victims who may not even realize their information has been compromised until the damage is done.

A Pattern of Attacks Not Getting Addressed

Workday’s breach is part of a growing wave of cyberattacks on companies that rely on cloud-based databases. Recent victims include Google, Cisco, Qantas, and Pandora, many of which used Salesforce-hosted systems targeted by hackers.

One group in particular, known as ShinyHunters, has been linked to several of these attacks. They are notorious for using tactics like voice phishing to trick employees into granting access to secure corporate systems, often with the end goal of extorting companies by threatening to leak stolen data.

Unfortunately, it appears that many large companies are falling short in providing more robust security measures in light of recent events, leaving individuals’ private and sensitive information still vulnerable.

Workday’s Response Raises Questions

While Workday acknowledged the breach in a blog post, the company offered limited details, declining to disclose how many individuals were affected or whether it has the ability to track exactly what data was taken.

Adding to concerns, the company’s disclosure page contained a hidden “noindex” tag, preventing it from appearing in search engine results. This makes it harder for employees, customers, and the public to easily find critical information about the breach. For victims, this lack of transparency can delay the steps they need to take to protect themselves.

What You Can Do if You’re Affected

If you are a Workday customer or if your employer uses Workday’s HR systems, stay vigilant. Here are some steps you can take now:

• Watch for phishing attempts. Do not click links or share information with anyone claiming to be from Workday or your HR department without verifying the request.
• Enable multi-factor authentication (MFA). Add an extra layer of protection to your accounts wherever possible.
• Monitor financial accounts. Keep an eye out for unusual activity in your bank accounts or credit cards.
• Check your credit reports. Regularly review your credit history for unauthorized activity that may indicate identity theft.
• Consider identity theft protection. Services that monitor for compromised data can alert you if your information appears on the dark web.
  
   

How Morgan & Morgan Can Help

If your personal information was exposed in the Workday data breach, you may be entitled to legal remedies and financial compensation. Companies that fail to adequately secure sensitive data can and should be held accountable.

At Morgan & Morgan, our experienced data breach attorneys fight for victims of cyberattacks and corporate negligence. We understand the devastating impact identity theft and fraud can have on individuals and families, and we’ve recovered billions for clients nationwide.

You don’t have to face this alone. If you believe your information may have been compromised in the Workday breach, contact us today for a free, no-obligation case evaluation to learn more about your legal options. You may be entitled to compensation.