Core Insights - Workday experienced a data breach where fraudsters accessed information from its third-party CRM platform, specifically targeting employees through social engineering tactics [1][2] - The accessed data included business contact information such as names, email addresses, and phone numbers, which could be exploited for further scams [3] - Workday has implemented additional safeguards to prevent similar incidents in the future and clarified that it will not request secure details via phone [3] Industry Context - Data breaches often stem from vulnerabilities in third-party service providers rather than the companies themselves, highlighting a significant risk in the digital supply chain [4] - Verizon's 2025 Data Breach Investigations Report indicated that the proportion of data breaches involving third parties rose to 30% in the year ending October 31, up from 15% the previous year [5] - The increasing frequency and severity of breaches linked to third-party vendors have become a widespread issue, posing serious risks to enterprises [6]