Workday, a California-based human resource and financial management service provider, disclosed last week that it was recently targeted in a social engineering campaign aimed at several large organizations.
The attackers posed as representatives from human resources or IT through phone calls and text messages to deceive employees, the company said.The end goal of this social engineering campaign was stealing account access or personal information that could possibly help in deeper penetration.
Workday confirmed that the threat actors gained access to limited data from its third-party customer relationship management (CRM) platform.
“We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform.” – Workday
The company added that there is no evidence of unauthorized access to customer tenants or the data stored within them.
The compromised information primarily included widely available business contact details such as names, email addresses, and phone numbers, which the attackers may use to advance future social engineering campaigns.
The company said it acted swiftly to cut off the unauthorized access and has since strengthened safeguards to prevent similar incidents but did not reveal how long did the attackers have access, how many businesses’ details were compromised and what exact measures were taken to avoid such future incidents.
Social Engineering Involving IT Help Desks Becoming Common
Although so many advanced malware variants have emerged in the last one year, researchers note that social engineering still retains its top spot for initial access vector. According to Unit 42 of Palo Alto Networks, 36% of all incidents between May 2024 and 2025 began with a social engineering tactic. “These attacks consistently bypassed technical controls by targeting human workflows, exploiting trust and manipulating identity systems,” Unit 42 said. But what was striking is the fact that more than one-third of these social engineering incidents involved non-phishing techniques. Which means it involved campaigns like search engine optimization (SEO) poisoning, fake system prompts and help desk manipulation.
The UK recently saw a string of social engineering attacks targeting help desks of some of its prominent retailers like Marks & Spencer, Co-op, and Harrods. A group called “DragonForce” was able to successfully deploy a social engineering approach against their IT help desks. The UK’s National Cyber Security Centre (NCSC) warned that the group may try to emulate the success and try target the country’s other large businesses.
