Workday has confirmed that it fell victim to a wide-ranging social engineering campaign that allowed hackers to access information at one of its third-party vendors.

The hackers work by impersonating IT and human-resources personnel in order to trick employees into sharing their personal information and account credentials, Workday said in a blog post published Friday.

Breaching the customer-support system gave the hackers access to support tickets that included Workday customers’ names, email addresses and phone numbers, which the hackers could use to conduct further social-engineering attacks. But Workday said there was no sign that the intruders had accessed data stored on its own servers...