A data breach. Headlines scream, investors and customers panic, fingers get pointed, and goodwill suffers.

Do you know how much a data breach can affect a company?

Data breaches have become a constant threat in our ever-connected world, and 2025 has been no different. From tech giants to government agencies, cyberattacks have targeted a vast array of organizations and individuals. This blog delves into the major data breaches that have dominated headlines so far this year, providing insights into the evolving threat landscape and highlighting key security vulnerabilities.

To navigate the specifics of each incident, we’ve compiled a month-by-month breakdown. Want to jump straight to a particular month’s breaches? Click the link below to explore them in detail.

  1. Top Data Breaches in January 2025
  2. Top Data Breaches in February 2025
  3. Top Data Breaches in March 2025
  4. Top Data Breaches in April 2025
  5. Top Data Breaches in May 2025
  6. Top Data Breaches in June 2025
  7. Top Data Breaches in July 2025
  8. Top Data Breaches in August 2025
  9. Top Data Breaches in September 2025
  10. Top Data Breaches in October 2025
  11. Top Data Breaches in November 2025
  12. Top Data Breaches in December 2025

1. Top Data Breaches in January 2025

Company Name: TalkTalk

Source: The Sun

Date:  01/27/2025

TalkTalk initiated an investigation after a hacker, known as “b0nd,” claimed to be selling information from approximately 18.8 million current and former customers online. The exposed data included customer names, emails, last-used IP addresses, business phone numbers, and home phone numbers. Notably, no billing or financial information was compromised, as the breach targeted a third-party supplier’s system, suspected to be CSG Ascendon’s subscription management platform. Both TalkTalk and CSG Ascendon are actively investigating the incident.

Company Name: Gravy Analytics

Source: The Verge

Date:  01/13/2025

Gravy Analytics, a major location data broker, suffered a significant data breach potentially exposing precise location data of millions of individuals. The breach, disclosed in early January, involved unauthorized access to their AWS cloud storage, with a small data sample leaked on a Russian forum, including sensitive locations like the White House and military bases. Gravy Analytics is investigating the duration and extent of the breach to determine whether personal data was compromised.

Company Name: Unacast Data Breach

Source: Reuters

Date:  01/11/2025

Unacast, a location tracking company, informed the Norwegian government of a data breach involving its data broker subsidiary, Gravy Analytics. The breach was executed using a “misappropriated key” to access a Gravy Analytics web server. Discovered on January 4, preliminary investigations suggest that some of the stolen files might contain personal data. Unacast is currently investigating the incident.

Company Name: PowerSchool Data Breach

Source: The Verge

Date:  01/10/2025

PowerSchool, a prominent K-12 educational technology company serving over 60 million students, experienced a data breach affecting schools across the U.S. and Canada. Threat actors accessed PowerSchool’s support platform using compromised credentials, potentially exposing names, addresses, Social Security numbers, medical information, and grades of students and staff. PowerSchool has taken steps to secure the data and stated that the breach is contained, with no anticipated risk of further data sharing.

Company Name: Sichuan Juxinhe Network Technology Co. Intrusions

Source: WSJ

Date:  01/17/2025

The Biden administration sanctioned Sichuan Juxinhe Network Technology Co., a Chinese firm implicated in cyber intrusions targeting U.S. telecommunications networks. These intrusions compromised communications of government officials, drawing attention to the geopolitical risks of cyber espionage.

Company Name: Salt Typhoon Cyber Espionage Campaign

Source: Wired

Date:  01/18/2025

The U.S. government identified Yin Kecheng, a 39-year-old Chinese national, as one of the hackers involved in significant cyberespionage activities orchestrated by the hacking group Salt Typhoon. This group, associated with China’s Ministry of State Security, breached nine U.S. telecommunications companies, accessing sensitive real-time communications, and compromised the U.S. Treasury’s network, stealing over 3,000 files. The U.S. Treasury has imposed sanctions on Yin Kecheng and Sichuan Juxinhe Network Technology, another entity linked to Salt Typhoon.

Company Name: UnitedHealth Data Breach Affects 190 Million People

Source: WSJ

Date:  01/24/2025

A major data breach affected up to 190 million people, making it one of the largest healthcare breaches in U.S. history. The breach occurred at Change Healthcare, a subsidiary of UnitedHealth, when the “Blackcat” ransomware group gained access to the company’s systems. The stolen data included health insurance info, medical records, and sometimes financial details. The breach caused significant disruptions in claims processing and billing, leading to a financial loss of around $3.09 billion for UnitedHealth. The company is working on improving cybersecurity measures and cooperating with authorities to prevent future incidents.

2. Top Data Breaches in February 2025

Company Name: The Genea Fertility Clinic Breach

Source: The Guardian

Date:  02/26/2025

A cyberattack on Genea, a leading Australian IVF and fertility services provider, has allegedly resulted in sensitive patient data being leaked on the dark web. The attack, attributed to the Termite ransomware group, led Genea to obtain a court injunction criminalizing access to the breached data.

The breach, detected on February 14, exposed 940.7GB of patient information, including names, dates of birth, Medicare numbers, medical histories, diagnoses, treatments, test results, and contact details. Financial data was not confirmed to be compromised. Genea informed patients of the attack on February 21 but has not yet specified which individuals were affected.

Genea is working with cybersecurity authorities and government agencies while continuing its investigation. The Termite ransomware group has previously targeted multiple sectors across various countries, using encryption tactics and ransom demands via the dark web.

Company Name: TD Bank Compromised

Source: ABC 8 News

Date:  02/08/2025

TD Bank has confirmed a data breach involving a former employee who accessed and shared customer information, including names, contact details, birth dates, account numbers, and transaction details. While Social Security numbers and passwords were not compromised, the breach still poses risks of fraud and identity theft. To support affected customers, TD Bank is offering two years of free identity protection through the Fraud-Defender program.

Customers are advised to enroll in the program, monitor their accounts for suspicious activity, update passwords, enable multi-factor authentication, and check credit reports for unauthorized changes. Placing fraud alerts or credit freezes can provide additional security, while staying vigilant against phishing scams is crucial. Those seeking long-term protection may consider identity theft insurance. To stay informed, customers should follow TD Bank’s official updates for any new security measures.

Company Name: Alibaba Cloud Vulnerability

Source: Cybersecurity News

Date:  02/03/2025

A critical security vulnerability was discovered in Alibaba Cloud OSS, allowing unauthorized users to upload data due to a misconfigured HTTP PUT method. Security researcher Muhammad Waseem identified the issue during routine web browsing when a 403 Forbidden response hinted at restricted access to Alibaba Cloud OSS resources. Using the Wappalyzer extension, he confirmed the platform as Alibaba OSS and intercepted the request with Burp Suite. By modifying the PUT request, he successfully uploaded a test JSON file and received a 200 OK response, confirming the misconfiguration.

The uploaded file was publicly accessible, demonstrating the exploitability of the flaw. This vulnerability enables attackers to store malicious content, exfiltrate sensitive data, or overwrite critical files, leading to operational disruptions. If combined with read-access misconfigurations, it could result in severe data breaches, exposing sensitive information.

Company Name: Orange Group Data Breach

Source: Dataconomy

Date:  02/25/2025

The Orange Group data breach exposed 600,000+ records after hacker Rey leaked internal data from Orange Romania following a failed ransom demand. The attacker remained undetected for over a month, stealing 6.5GB of data in just three hours, including customer and employee PII, financial records, and source code. Orange confirmed the breach but downplayed its impact, calling it a non-critical back-office incident. 

However, the company’s security failures highlight major gaps in threat detection and incident response. The breach raises concerns about telecom cybersecurity standards, as real-time detection mechanisms failed to flag unauthorized access. With regulatory scrutiny under GDPR and potential legal claims looming, this incident underscores the need for stronger security measures in the telecom industry.

Company Name: DecisionFi Data Breach Exposed 

Source: VPN Ranks

Date:  02/21/2025

DecisionFi LLC has disclosed a data breach, detected on January 15, 2025, and officially reported on February 21, 2025. An unauthorized user accessed sensitive consumer data through a web application. By January 28, the company identified the affected files and individuals. DecisionFi has since notified impacted consumers, though the exact data compromised remains unspecified.

The firm has strengthened its security and advised affected individuals to monitor financial activity and consider fraud alerts or credit freezes. This breach underscores the growing cybersecurity risks in the financial technology sector, which has faced increasing legal and financial consequences from such incidents.

Company Name: Freddie Mac Data Breach

Source: VPN Ranks

Date:  02/19/2025

Freddie Mac has disclosed a major data breach, exposing consumer names and Social Security numbers. Reported on February 19, 2025, the full scope and origin of the breach remain unknown. The company has launched an internal investigation and is notifying affected individuals, advising them to monitor their financial accounts for unauthorized transactions. Consumers are also urged to check their credit reports and consider fraud alerts or credit freezes to prevent identity theft.

This incident highlights the ongoing cybersecurity risks in the financial sector, as institutions face increasing challenges in safeguarding consumer data. In 2024, several major breaches resulted in costly settlements, emphasizing the need for stronger security measures. As cyber threats continue to evolve, financial organizations must enhance their defenses to protect sensitive information. The breach serves as a reminder of the growing risk of cyberattacks and the importance of proactive security strategies.

3. Top Data Breaches in March 2025

Company Name: Oracle Cloud Data Breach

Source: Dark Reading

Date:  03/25/2025

A significant data breach allegedly affecting Oracle Cloud, with approximately six million records compromised, was reported this month. The threat actor, identified as “rose87168,” claims to have exfiltrated sensitive data from Oracle’s Single Sign-On (SSO) and LDAP systems, including Java KeyStore (JKS) files, encrypted passwords, key files, and Java Process Status (JPS) keys. This incident is being described as one of the most impactful supply chain attacks of the year, potentially affecting over 140,000 Oracle Cloud tenants. The attacker has reportedly sought assistance in decrypting the stolen data and is demanding payment from affected organizations in exchange for deleting their records.

Oracle has officially denied the breach, stating that its cloud infrastructure remains secure and that the credentials being circulated do not belong to its systems. Despite this, multiple cybersecurity researchers and some Oracle customers have confirmed the authenticity of sample data shared by the attacker, raising concerns about the veracity of Oracle’s denial. Given the conflicting narratives, organizations relying on Oracle Cloud services are advised to take precautionary steps such as rotating passwords and keys, auditing logs for suspicious activity, and strengthening access controls through multi-factor authentication. As the situation unfolds, staying informed through official channels and security advisories is critical.

Company Name: New York University (NYU) Data Breach

Source: Washington Square News

Date:  03/22/2025

New York University (NYU) experienced a major data breach that exposed the personal information of over 3 million applicants. On March 22, a hacker took control of the university’s official website, replacing the homepage with charts displaying SAT and ACT scores, GPAs, and demographic data categorized by race. The defaced page included a message accusing NYU of continuing to use race-based affirmative action practices, despite the 2023 U.S. Supreme Court ruling that declared such practices unconstitutional.

The individual behind the breach, using the handle @bestn-gy on X (formerly Twitter), claimed responsibility and stated that the data was sourced from NYU’s internal data warehouse. The hacker also alleged involvement in a previous 2023 breach at the University of Minnesota. The information leaked from NYU included names, test scores, intended majors, zip codes, family backgrounds, and financial aid details, with records dating as far back as 1989.

NYU’s IT team acted swiftly, restoring the website within approximately two hours and notifying law enforcement. The university is currently investigating the breach and enhancing its cybersecurity infrastructure to prevent future incidents. In the aftermath, a class-action lawsuit has been filed against NYU, alleging negligence in protecting sensitive applicant data. The incident has sparked broader concerns about data security in academic institutions and underscores the need for stronger cybersecurity practices across the education sector.

Company Name: SpyX Stalkerware Data Breach

Source: TechRadar

Date:  03/19/2025

The stalkerware app SpyX, marketed as a parental monitoring tool, recently suffered a massive data breach that exposed the personal information of nearly 2 million individuals, including thousands of Apple users. The breach revealed highly sensitive data, such as approximately 17,000 iCloud usernames and passwords stored in plaintext, along with email addresses, IP addresses, and device information. In some cases, logs of victims’ activities, including messages and photos, were also exposed.

This breach is especially alarming because stalkerware apps like SpyX are often used for covert surveillance rather than legitimate parental oversight. While these apps claim to help monitor children, they can easily be misused to spy on partners, employees, or unsuspecting individuals, raising serious ethical and legal concerns. The discovery was made by cybersecurity researchers from DDoSecrets and TechCrunch, who found unsecured backend data during their investigation.

The incident highlights not only the privacy violations caused by such spyware tools but also the security risks they pose to everyone involved, including those who use them. With this breach, victims are now at increased risk of identity theft, account compromise, and further privacy invasion. It’s a strong reminder of the need for stricter regulation and enforcement against stalkerware, which continues to operate in a gray area with devastating consequences.

Company Name: Jaguar Land Rover Suffers Major Data Breach

Source: The420.in

Date:  03/31/2025

Jaguar Land Rover (JLR) reportedly suffered a data breach in March 2025, with a hacker named “Rey” claiming to have exposed 700 internal documents. The leaked data includes development logs, source code, tracking data, and employee credentials. The breach allegedly stemmed from compromised Jira credentials, likely obtained via infostealer malware, similar to tactics used by the HELLCAT ransomware group. This leak raises concerns over intellectual property theft, employee privacy, and competitive risks. JLR has yet to comment, but the incident highlights the need for stronger security measures like MFA, credential rotation, and continuous monitoring.

4. Top Data Breaches in April 2025

Company Name: Yale New Haven Health System Breach

Source: SecurityWeek

Date:  04/11/2025

Detected on March 8, 2025, and disclosed on April 11, 2025, this breach affected 5.5 million individuals. Compromised data included names, dates of birth, addresses, phone numbers, email addresses, race/ethnicity, Social Security numbers, and medical record numbers. The electronic medical record system, financial accounts, payment information, and employee HR data were not accessed. The incident was likely a ransomware attack; hackers copied data on the day of discovery, but patient care was unaffected.

The largest breach of April 2025 by affected individuals highlights healthcare’s vulnerability to cyberattacks, with exposed data increasing risks of identity theft and medical fraud. Notifications began on April 14, with credit monitoring offered for those with exposed Social Security numbers.

Company Name: Blue Shield of California Breach

Source: BleepingComputer

Date:  04/09/2025

Reported on April 9, 2025, this breach affected 4.7 million individuals due to a Google Analytics misconfiguration on company websites, active from April 2021 to January 2024. Data shared with Google Ads included names, family size, insurance plan details, city, zip code, account identifiers, medical claims, patient financial responsibility, and doctor search information. The issue was discovered on February 11, 2025; the Google Ads connection had been severed in January 2024.

The second-largest breach underscores risks of third-party vendor integrations in healthcare, raising significant privacy and regulatory compliance concerns. Notifications were sent to affected members.

Company Name: VeriSource Services Breach

Source: SecurityWeek

Date:  04/28/2025

Disclosed on April 28, 2025, this breach affected 4 million individuals, primarily employees and dependents of client companies. The cyberattack occurred in February 2024, with unusual activity detected on February 28, 2024. Compromised data included names, addresses, dates of birth, gender, and Social Security numbers, varying by individual. The investigation concluded on April 17, 2025, with notifications starting April 23, 2025. Initial estimates in 2024 suggested 112,000 affected, but the scope expanded significantly.

A major breach in the HR outsourcing sector, it exposed sensitive employee data, increasing risks of identity theft. VeriSource offers 12 months of free credit monitoring and identity protection. No evidence of data misuse has been reported, and no ransomware group has claimed responsibility.

Company Name: Hertz Corporation Breach

Source: BleepingComputer

Date:  04/14/2025

Disclosed on April 14, 2025, this breach affected 1,000,175 individuals across Hertz, Dollar, and Thrifty brands. Confirmed on February 10, 2025, it stemmed from zero-day vulnerabilities in Cleo’s file transfer platform exploited by the Clop ransomware gang in October and December 2024. Compromised data included names, contact information, dates of birth, credit card details, driver’s licenses, and workers’ compensation claims. A small subset had Social Security numbers, government IDs, passports, or injury-related data exposed. Hertz’s network was not directly impacted.

A significant breach due to its scale and sensitive data exposed, it heightens risks of fraud and identity theft. Hertz is offering two years of free identity protection through Kroll and reported the incident to law enforcement. The Clop gang’s involvement underscores third-party vendor risks.

Company Name: Alternate Solutions Health Network Breach

Source: Class Action

Date:  04/14/2025

Reported on April 14, 2025, this breach affected 93,589 individuals. Unauthorized access to an email account, discovered on February 14, 2025, exposed names, dates of birth, addresses, driver’s license numbers, physician/clinician names, clinical information, diagnostics, treatment details, and limited Social Security numbers. Notifications began on April 14, 2025.

A smaller but significant healthcare breach, it increases risks of identity theft and medical fraud. The email account was secured, and an investigation was launched, highlighting the need for robust email security in healthcare.

Company Name: PJM Interconnection Breach

Source: Cyberint

Date:  04/28/2025

In April 2025, threat actor l33tfg claimed to have breached PJM Interconnection LLC, affecting over 4,000 customer database entries. Leaked data included names, email addresses, and phone numbers, a concern given that PJM is North America’s largest electric transmission system.

Though smaller, the breach’s target, critical infrastructure, raises energy security concerns. Specific response measures are unclear, but investigations and notifications are likely underway.

Company Name: WK Kellogg Co Breach

Source: BleepingComputer

Date:  04/04/2025

Disclosed on April 4, 2025, this breach involved employee and vendor data stolen via Cleo’s file transfer platform, exploited by the Clop ransomware gang on December 7, 2024. Discovered on February 27, 2025, it affected an unknown number of individuals, with at least one Maine employee’s name and Social Security number confirmed compromised. WK Kellogg used Cleo for HR file transfers.

The breach’s scope remains unclear, but exposed HR data poses identity theft risks. WK Kellogg offers one year of free identity theft protection through Kroll. The incident, linked to Clop’s broader Cleo attacks, emphasizes third-party vendor vulnerabilities.

5. Top Data Breaches in May 2025

Company Name: Coca-Cola

Source: Cybernews

Date:  05/15/2025

Coca-Cola’s Middle East division was targeted by the Everest ransomware gang, which accessed internal systems and exfiltrated employee data; the group reportedly demanded $20 million, and the company refused to engage in ransom talks. The attackers are believed to have used phishing or exposed remote access to gain entry, and after negotiations were declined, they leaked sensitive HR documents on underground forums. A separate claim by another group alleging a much larger data theft linked to Coca-Cola Europacific Partners added to concerns about wider weaknesses in the company’s IT environment.

The leaked information included passport and visa scans, employee ID documents, and internal HR communications, directly affecting around 959 employees, primarily in the Middle East. Coca-Cola acknowledged the breach, launched investigations, and offered support to impacted staff while reviewing its global security architecture. The incident underlined a critical risk for large enterprises, as inconsistent security controls across regional operations create easy entry points that attackers are quick to exploit.

Company Name: Coinbase

Source: Coinbase

Date:  05/13/2025

Coinbase confirmed a data breach affecting nearly 70,000 users after cybercriminals bribed overseas customer support agents to gain internal access. The attackers extracted sensitive customer information and attempted to extort the company for $20 million. Coinbase refused to pay and instead announced a $20 million reward for information leading to the arrest of those responsible.

The breach was carried out through insider misuse at third-party support vendors, where contractors accessed user data to enable targeted impersonation scams. Exposed information included names, contact details, home addresses, government-issued IDs, partial SSNs, and limited banking metadata, while passwords, private keys, and funds remained untouched. 

Coinbase terminated the involved insiders, shut down overseas support contracts, centralized operations in the U.S., and launched a full investigation. The incident led to major response costs, legal scrutiny, and market impact, reinforcing a clear lesson that third-party access without strict controls creates serious insider risk at scale.

Company Name: Adidas

Source: Reuters

Date:  05/23/2025

Adidas disclosed a data breach after attackers gained unauthorized access to a third-party customer service platform used to manage support interactions. The incident exposed contact details of customers who had reached out to Adidas support, though no financial information or account passwords were compromised. The breach points to growing risks tied to external SaaS tools that handle customer communications but sit outside a company’s direct control.

The attackers accessed the vendor’s system, likely due to weak access controls or outdated security settings, and obtained names, email addresses, phone numbers where available, and customer service inquiry records. While Adidas did not confirm the total number of affected users, analysts estimate the impact could extend to several hundred thousand customers. 

Adidas isolated the vendor system, launched internal and third-party investigations, notified regulators and users, and began reassessing how customer data is shared with external providers. The incident reinforces a clear lesson: third-party services, even for routine support functions, must meet the same strict security standards as core systems.

Company Name: Marks & Spencer

Source: The Guardian

Date:  05/23/2025

Marks & Spencer confirmed a major cyberattack in May 2025 that disrupted operations over the Easter weekend and exposed customer personal data. The incident has been linked to the hacking group Scattered Spider and caused widespread service outages, including online systems being unavailable for more than 72 hours. Early findings suggested the intrusion may have passed through systems managed by M&S’s IT outsourcing partner, Tata Consultancy Services, though investigations are still ongoing.

Attackers reportedly used social engineering to gain access to internal tools, possibly taking advantage of reduced oversight during the holiday period. Exposed data included customer names, email and postal addresses, dates of birth, and internal account metadata, with no confirmation of payment or login credential exposure. While M&S did not disclose exact numbers, analysts estimated the impact could reach hundreds of thousands of customers. 

The breach led to operational disruption, potential losses nearing £300 million, and regulatory scrutiny from the Information Commissioner’s Office. M&S notified customers, engaged forensic experts, reviewed vendor access controls, and cooperated with authorities, highlighting the risk that outsourced IT environments can introduce when oversight and access governance are not tightly enforced.

Company Name: Ascension

Source: Data Privacy Insider

Date:  05/15/2025

Ascension disclosed multiple data breaches in May 2025 linked to failures in third-party vendor systems, exposing the protected health information of more than 437,000 patients. The most severe incident involved a former business partner who continued to retain patient data on outdated software, which attackers exploited to gain unauthorized access. A separate breach tied to another cloud-based service provider pointed to broader gaps in vendor security practices across Ascension’s ecosystem.

The exposed data included patient names, home addresses, Social Security numbers, clinical and insurance details, and medical treatment records, creating serious risk of medical identity theft and fraud. Ascension confirmed that 437,385 patients were notified and warned that further exposure may surface as investigations continue. 

The organization initiated patient notifications, offered identity protection services, coordinated with federal regulators, and began a comprehensive audit of vendor access and data-sharing arrangements. The incident highlights a hard truth for healthcare providers: third-party systems handling patient data must be governed with the same rigor as internal platforms, or they become prime entry points for large-scale compromise.

Company Name: AT&T

Source: Cybernews

Date:  05/26/2025

AT&T is facing scrutiny after a threat actor claimed to have leaked a dataset containing 31 million customer records on a well-known dark web forum. The 3.1GB dataset, shared in structured JSON and CSV formats, included indexed and organized records, raising concerns among analysts about the credibility and scale of the incident. Although AT&T has not confirmed the breach, security researchers reviewing samples treated the leak as potentially serious due to the depth and consistency of the exposed data.

The leaked information reportedly included full names, dates of birth, tax IDs, contact details, IP addresses, device identifiers, and residential addresses, data that could enable identity theft and targeted scams if validated. The actor claimed 31 million records were involved, while researchers confirmed at least one real individual and estimated that several million users could be affected if the dataset proves authentic. With no public response from AT&T at the time of reporting, the situation highlighted how unverified leaks alone can damage trust and trigger regulatory attention, reinforcing the need for rapid investigation and transparent communication when such claims surface.

6. Top Data Breaches in June 2025

Title: 16 Billion Credentials Leaked in Historic Data Dump

Source: Economic Times

Date:  06/18/2025

A massive data dump containing 16 billion credentials surfaced online, built over years from infostealer malware infections rather than a single breach. Threat actors silently harvested login details from compromised devices worldwide and later released the combined dataset. The exposed records included email addresses, usernames, and passwords linked to major services such as Google, Apple, Microsoft, Facebook, and Netflix, along with accounts tied to various government portals. The scale and structure of the dump indicated long-term collection across millions of infected systems.

The credentials were traced back to more than 750 million compromised devices, placing billions of online accounts at risk of credential stuffing, account takeover, phishing, and impersonation. Since no single company was directly breached, responses came from security experts and platforms urging users to reset passwords, enable multi-factor authentication, and monitor accounts for misuse. The incident underscored a critical lesson: infostealer malware creates delayed, large-scale exposure, where stolen credentials can resurface years later with widespread impact.

Company Name: Zoomcar

Source: Times of India

Date:  06/13/2025

Zoomcar disclosed a data breach after attackers accessed its backend systems through an unpatched API weakness. A sample dataset containing millions of user records later appeared on dark web forums, raising concerns about the scale of exposure. The breach did not involve any external vendor and was traced directly to gaps in Zoomcar’s application security controls.

The exposed information included user names, mobile numbers, email addresses, home addresses, and vehicle registration details, impacting around 8.4 million users. While no financial data was reported compromised, the incident created risk of phishing and identity fraud. Zoomcar launched an internal investigation, informed law enforcement, and worked closely with CERT-In to assess and contain the issue. The incident reinforced a clear lesson for consumer platforms: APIs demand strict security reviews and continuous testing due to their direct exposure to user data.

Company Name: Bank Sepah

Source: Dark Reading

Date:  06/17/2025

Bank Sepah experienced a large-scale service outage that disrupted ATM access, mobile banking, and fuel payment systems across the country. Early reports pointed to possible unauthorized physical access at a server facility, with video footage showing individuals interfering with critical infrastructure. While officials initially denied any cyberattack, the nature and timing of the disruption led analysts to suspect deliberate sabotage or a targeted attack affecting core banking operations.

There is no confirmed evidence of customer data exposure, but experts warned that data deletion or corruption may have impacted backend systems. Although the number of affected individuals remains unknown, the nationwide service disruption suggested indirect impact on millions of customers and businesses. Regulators have since launched a review to assess system resilience and operational safeguards. The incident highlighted a key lesson for critical sectors: safeguarding physical infrastructure and ensuring redundancy are essential alongside technical controls to maintain service continuity.

Company Name: Aflac

Source: Dark Reading

Date:  06/12/2025

Aflac disclosed a customer data breach after a cybercriminal group identified as Scattered Spider used stolen credentials to gain access to internal systems. The attackers were able to move within the environment and extract sensitive policyholder information. While Aflac has not shared exact figures, the breach involved highly sensitive records, placing affected customers at risk and drawing attention from regulators and enterprise clients.

The exposed data reportedly included Social Security numbers, health-related details, and insurance claims information. Aflac stated that no third-party vendors were involved and emphasized that payment systems remained secure. In response, the company engaged external cybersecurity experts, informed law enforcement, and communicated with customers to provide clarity on the incident. The breach reinforced a clear risk for insurers, as access to rich personal data makes them frequent targets, and strong identity monitoring and lateral activity visibility remain critical to limit impact.

Company Name: Hawaiian Airlines

Source: Reuters

Date:  06/26/2025

Hawaiian Airlines reported a cyber incident that disrupted several backend systems and affected internal operations. While the airline did not disclose technical details, the pattern of system disruption led analysts to suspect a ransomware-related event. Authorities were notified as a precaution, and early assessments focused on restoring operational stability rather than data recovery.

Hawaiian Airlines confirmed that no customer, passenger, or financial data was compromised and that the impact was limited to internal systems. The incident caused short-term operational delays and drew attention from federal regulators, including the Federal Aviation Administration. In response, the airline engaged cybersecurity specialists and worked with authorities to assess the scope of the incident. The event underscored that even without data exposure, disruptions to operational technology can create a serious business impact, making readiness and response planning essential.

Company Name: Glasgow City Council

Source: The Scottish Sun

Date:  06/19/2025

Glasgow City Council faced a major disruption after a ransomware incident disabled several public-facing services. Ransom notes discovered within affected systems pointed to financial extortion as the motive behind the attack. While the exact entry point has not been disclosed, the incident caused widespread outages across civic platforms, prompting concerns about the safety of municipal data and service continuity.

There is no confirmed evidence of data exposure so far, but officials warned that public records and citizen service information could be at risk. The outage affected thousands of residents and city staff, leading to suspended payment and planning services and slowing day-to-day operations. Glasgow’s IT teams isolated impacted systems, restored essential services, and launched forensic investigations to assess the scope of the incident. The disruption highlighted a recurring issue for local governments, as ransomware incidents can severely impact public services when resilience planning and offline continuity measures are insufficient.

7. Top Data Breaches in July 2025

Company Name: McDonald’s

Source: Indianexpress.com

Date:  07/11/2025

McDonald’s disclosed a major data exposure after its recruitment chatbot was compromised due to the use of a default password, “123456.” Attackers exploited this basic security lapse to access backend systems and retrieve applicant information stored in inadequately secured databases. The incident did not stem from a sophisticated attack but from weak access controls that allowed direct entry into sensitive systems.

The breach exposed personal data of nearly 64 million job applicants, including full names, email addresses, phone numbers, and resumes containing birthdates, education details, and work history. The scale of exposure highlighted how simple failures such as default credentials and lack of multi-factor authentication can lead to massive impact. Strong password enforcement, tighter privileged access controls, and proper database segmentation could have significantly reduced the risk and limited access to applicant records.

Company Name: Anne Arundel Dermatology Breach

Source: PRnewswire

Date:  07/17/2025

Anne Arundel Dermatology suffered a ransomware incident after attackers gained initial access to its network, likely through compromised remote access credentials or an unaddressed system weakness. After entry, the intruders moved across internal systems, escalated access rights, and both exfiltrated and encrypted sensitive data. Limited internal visibility allowed the activity to continue without early detection.

The breach affected around 1.9 million patients and exposed highly sensitive information, including full names, birthdates, medical diagnoses, and insurance details. The scale of impact highlighted gaps in internal controls, particularly the absence of strong network segmentation and endpoint monitoring. More consistent vulnerability scanning, tighter system separation, and broader endpoint visibility could have restricted attacker movement and reduced the overall impact of the incident.

Company Name: France Travail

Source: Cybernews

Date:  07/11/2025

France Travail disclosed a data breach after attackers compromised a third-party training partner using infostealer malware. The malware enabled access to active user sessions, allowing the attackers to bypass two-factor authentication by intercepting one-time passcodes or reusing hijacked sessions. This indirect entry point allowed threat actors to reach sensitive records without directly breaching France Travail’s core systems.

The incident affected around 340,000 job seekers and exposed personal information including full names, addresses, phone numbers, and national identification numbers. The breach highlighted the risk introduced by external partners that handle sensitive data and maintain trusted access. Stronger session controls, tighter device-level monitoring, and continuous behavior analysis alongside 2FA could have limited the impact and reduced the likelihood of similar third-party-driven incidents.

Company Name: SharePoint

Source: Cyberpress

Date:  07/28/2025

Microsoft SharePoint environments were targeted through a zero-day weakness known as ToolShell, which attackers used to gain administrative access. After exploiting the flaw, they deployed web shells to retain control, expand access across connected systems, and extract internal data. The technique allowed sustained access without immediate detection, making the compromise particularly hard to contain once established.

The exposed information included sensitive internal documents, access credentials, and procurement and architecture blueprints. The incident showed how quickly unpatched flaws in widely used collaboration platforms can be abused at scale. Faster update cycles, tighter inspection of inbound and outbound web traffic, and early detection of abnormal script execution could have reduced dwell time and limited the impact of the attack.

Company Name: Indaco Data Leak

Source: Cyber Security News Everyday

Date:  07/21/2025

Indaco suffered a data breach after attackers gained access to its internal systems, likely through spear-phishing emails or outdated VPN gateways. Once inside, the attackers extracted sensitive intellectual property and business data, including proprietary paint formulas and customer order information, and later published parts of the data online. The incident raised concerns about weak access controls around systems handling high-value research and commercial information.

The exposed data included confidential formulas, internal R&D communications, and detailed customer orders, creating both competitive and financial risk for the company. The breach highlighted how outdated remote access software and limited protection around intellectual property can lead to severe exposure. Regular updates to remote access systems, strict access controls, and strong encryption for sensitive research and customer data are essential to reduce the risk of similar incidents.

Company Name: Allianz Life Insurance 

Source: Economic Times

Date:  07/27/2025

Allianz Life Insurance Company disclosed a data breach after attackers used social engineering to compromise a third-party CRM provider. By impersonating trusted personnel, the attackers gained access to customer records stored within the CRM system, highlighting how indirect access paths can be exploited when external partners hold elevated privileges.

The exposed information included customer names, email addresses, phone numbers, and insurance policy numbers. Although the breach was limited to contact and policy data, it raised serious concerns about oversight of third-party access to critical systems. The incident reinforced the need for strict identity verification for vendor staff and tighter access controls that limit what external systems and users can reach, even when they are part of trusted business workflows.

8. Top Data Breaches in August 2025

Company Name: Google Salesforce

Source: Economic Times

Date:  08/23/2025

Google confirmed that its Salesforce-hosted customer database was compromised in August after a coordinated attack by the hacking group ShinyHunters. Investigations later showed the intrusion began as early as June 2025 and remained undetected for several weeks. The incident was part of a broader campaign targeting multiple organizations that rely on Salesforce, raising concerns about how shared SaaS platforms can become a common entry point across enterprises.

The exposed data mainly consisted of business contact records, including names, email addresses, and phone numbers, with no financial data or login credentials confirmed as compromised. Although Google did not disclose exact figures, estimates suggested that millions of contacts may have been affected. Google began notifying impacted customers, worked closely with Salesforce to contain the issue, and announced tighter monitoring of SaaS environments and vendor-specific controls. 

The breach reinforced a clear lesson: even large enterprises face risk when trusted SaaS platforms are compromised, making strong vendor oversight and continuous monitoring essential.

Company Name: Air France and KLM 

Source: Forbes

Date:  08/07/2025

Air France and KLM reported a data breach on August 7, 2025, after attackers gained unauthorized access through a third-party customer support system. The vendor environment was used to reach passenger records and loyalty program data, highlighting risks tied to external platforms that integrate closely with airline operations.

The exposed information included passenger names, contact details, and Flying Blue loyalty numbers, with no payment card or passport data confirmed. Although the airlines did not disclose exact figures, industry reports suggested hundreds of thousands of travelers could be affected. Both airlines secured the vendor system, launched investigations, and advised customers to monitor account activity, reinforcing the need for stronger oversight of third-party systems in the travel sector.

Company Name: Workday

Source: Website Planet

Date:  08/18/2025

Workday disclosed a data breach on August 18, 2025, confirming it was impacted by a broader campaign targeting Salesforce integrations. Attackers abused weaknesses in connected Salesforce environments to extract data linked to Workday’s business contacts. While core platforms were not directly compromised, the incident showed how tightly coupled SaaS integrations can extend risk beyond a single vendor.

The exposed information included names, email addresses, and business phone numbers of Workday contacts, with no payroll or employee HR records affected. Workday did not share exact figures, though analysts expect meaningful exposure due to its global footprint. The company stated it is strengthening oversight of third-party integrations and expanding threat detection, underscoring a key takeaway: compromise of widely used SaaS platforms can cascade quickly across interconnected organizations.

Company Name: TransUnion

Source: The Record

Date:  08/28/2025

TransUnion disclosed a data breach on August 28, 2025, after attackers accessed its systems through a compromised third-party application. The intrusion began in July and exposed highly sensitive identity records, drawing concern due to TransUnion’s role in credit checks and financial verification.

The breach affected about 4.4 million individuals and exposed full names, PII, and Social Security numbers. TransUnion confirmed the incident, notified regulators, and offered credit monitoring and identity protection to impacted users, reinforcing the risk that third-party application access poses to organizations holding large volumes of identity data.

Company Name: Connex Credit Union

Source: Bleeping Computer

Date:  08/11/2025

Connex Credit Union disclosed a data breach on August 11, 2025, affecting around 172,000 customers. The incident exposed customer personal information, though the institution stated that the exact data categories involved were still under investigation. The breach highlighted the pressure regional financial institutions face when responding to security incidents with limited resources.

Connex notified regulators and began informing affected customers while conducting an internal review and rolling out security improvements. The exposure created reputational and compliance challenges, particularly under state banking rules and federal oversight. The incident reinforced a clear lesson for smaller banks, as they remain attractive targets and require ongoing investment in vulnerability management, regular testing, and well-defined customer notification processes.

Company Name: Manpower

Source: Bleeping Computer

Date:  08/12/2025

Manpower confirmed a ransomware incident on August 12, 2025, linked to RansomHub. The attackers exfiltrated roughly 500GB of data before issuing ransom demands, disrupting core talent management operations and creating concern among enterprise clients that rely on Manpower for staffing services.

The exposed data included corporate files along with employee and candidate records containing sensitive personal information, affecting 144,189 individuals. Manpower engaged incident response teams and notified regulators, though data already posted on underground forums suggested ongoing extortion pressure. The incident underscored how modern ransomware campaigns rely on both data theft and public leaks to intensify impact and prolong recovery.

Company Name: Orange

Source: Times Of India

Date:  08/24/2025

Orange SA disclosed a data leak in early August after a ransomware attack linked to Warlock. The attackers exfiltrated roughly 4GB of sensitive business data and later published it on dark web forums, drawing attention to risks faced by telecom providers that operate critical infrastructure and support large enterprise clients.

The leaked material included confidential business customer information and internal corporate documents, with the exact number of affected parties still unclear but believed to be significant among enterprise users. Orange confirmed the incident, began cooperating with French authorities, and increased monitoring to track potential misuse of the exposed data. The case highlighted the importance of strong ransomware readiness, clear vendor oversight, and timely disclosure to protect business relationships and maintain trust.

9. Top Data Breaches in September 2025

Company Name: Volvo Group

Source: Cyber Security News

Date:  09/25/2025

Volvo Group confirmed a data breach after its HR software provider, Miljödata, was hit by a ransomware attack in late August 2025. The incident, linked to DataCarry, occurred within the vendor environment and did not involve Volvo’s internal systems, but forensic analysis confirmed that employee data had been stolen.

The exposed information included employee names and Social Security numbers for some U.S.-based staff, with around 870,000 records affected across Miljödata’s client base. Volvo notified regulators, offered 18 months of credit monitoring to impacted employees, and began tightening vendor security requirements. The breach highlighted how third-party failures can directly expose enterprise employee data.

Company Name: Kering Data Breach

Source: BBC

Date:  09/15/2025

Kering confirmed that its brands Gucci, Balenciaga, and Alexander McQueen were targeted in a ransomware attack that stole sensitive internal data through third-party systems. The attackers threatened to leak the data unless a ransom was paid, though no confirmation of payment was provided.

The exposed information reportedly included internal business files, employee data, and design or operational documents, with the number of affected individuals still unclear. The companies are working with cybersecurity experts to assess impact and prevent further leaks, underscoring how luxury brands have become high-value ransomware targets due to their valuable intellectual property and reliance on external vendors.

Company Name: European Airports Data Breach

Source: World Economic Forum

Date:  09/19/2025

Major European airports, including Heathrow Airport, Brussels Airport, and Berlin Brandenburg Airport, faced widespread disruption on September 19, 2025, following a cyberattack on the passenger processing platform operated by Collins Aerospace. The compromised MUSE and vMUSE systems are widely used across airlines and airports, allowing the incident to spread quickly across borders and cause operational breakdowns at multiple hubs. While the attack focused on system disruption rather than confirmed data theft, the vendor platform handled sensitive aviation operations, making potential exposure a concern.

The outage led to flight cancellations, long queues, and tens of thousands of stranded passengers as airports reverted to manual processes for boarding and baggage handling. Regulators later confirmed the incident involved ransomware, triggering investigations and increased scrutiny of aviation infrastructure resilience. The event highlighted a critical weakness in shared third-party dependencies, showing how a single vendor failure can cascade across the aviation sector and disrupt even highly regulated, safety-critical environments.

Company Name: Wealthsimple

Source: NCFA

Date:  09/09/2025

Wealthsimple disclosed a security breach after attackers gained unauthorized access through a compromised third-party vendor account connected to its operations. The incident allowed access to certain customer records, though Wealthsimple confirmed that core banking and trading systems were not affected. No funds were stolen, and no payment credentials or passwords were exposed, but the breach raised concerns due to the sensitive nature of financial platforms.

The exposed data included customer names, email addresses, limited account-related information, and some activity metadata. While exact numbers were not shared, even a small portion of Wealthsimple’s more than 3 million users represents a meaningful impact. The company cut off vendor access, engaged external cybersecurity experts, notified regulators, and began alerting affected customers. The incident reinforced a key reality for fintech firms, as third-party access can quickly become a primary risk even when internal systems remain secure.

Company Name: Harrods

Source: BBC

Date:  09/27/2025

Harrods disclosed a data breach after attackers accessed systems linked to customer services and loyalty programs, likely through phishing and stolen credentials. The incident did not expose full payment card data but raised privacy concerns due to the nature of the affected systems.

The exposed information included customer names, contact details, loyalty IDs, partial payment data, and purchase history, potentially affecting tens of thousands of customers. Harrods contained the breach, notified impacted users, engaged external security experts, and began coordinating with regulators, highlighting how loyalty platforms remain attractive targets for data misuse and fraud.

10. Top Data Breaches in October 2025

Title: Cyber Incidents in Texas

Source: The Record

Date:  10/17/2025

Several U.S. local governments reported cyber incidents in October 2025 that disrupted public services. Kaufman County in Texas, La Vergne in Tennessee, and DeKalb County in Indiana all took systems offline after detecting suspicious activity, leading to outages in payments, court operations, and internal access. Emergency services remained operational, but residents faced delays and limited access to routine services.

No data theft has been confirmed so far, with investigations focused on service disruption and system lockouts. The incidents forced offices to close temporarily, rely on manual processes, and postpone hearings while law enforcement and cybersecurity teams responded. The events highlighted how disruptive attacks on local governments can quickly impact daily civic services, reinforcing the need for strong preparedness and recovery planning.

Company Name: Qantas Airlines

Source: The New York Times

Date:  10/15/2025

Qantas Airways disclosed a data breach after attackers accessed customer information through a third-party contact centre platform. Core airline systems and safety were not affected, but some of the stolen data later appeared on dark web forums, confirming exposure through the vendor environment.

The breach affected about 5.7 million customer records and exposed names, email addresses, and Frequent Flyer numbers, with additional personal details impacted for a subset of users. Payment and passport data were not involved. Qantas secured the platform, notified customers, and coordinated with cybersecurity experts and authorities, highlighting the ongoing risk of third-party systems holding sensitive customer data.

Company Name: SimonMed

Source: Fox News

Date:  10/10/2025

SimonMed Imaging disclosed a cyberattack in early 2025 after suspicious activity was detected following a vendor alert. Investigations confirmed data exfiltration between January 21 and February 5, with Medusa claiming responsibility and issuing ransom demands.

The breach impacted about 1.27 million individuals and exposed sensitive healthcare and personal data. SimonMed responded by enforcing password resets, enabling multi-factor authentication, restricting vendor access, and notifying affected individuals with identity and credit monitoring support, highlighting how quickly third-party access can lead to large-scale PHI exposure.

Company Name: Gmail

Source: Forbes

Date:  10/21/2025

A massive dataset built from infostealer malware logs was analyzed and added to Have I Been Pwned as “Synthient Stealer Log Threat Data,” containing credentials for roughly 183 million unique email accounts. The data was harvested from infected user devices over time and includes passwords captured at login. Google clarified that this was not a breach of its systems and that claims of a Gmail-specific hack are inaccurate.

The exposed records include email addresses, associated passwords, and metadata about where those credentials were entered, which can include Gmail among many services. About 16.4 million of the emails had not appeared in prior public datasets. While Google emphasized existing protections and encouraged 2-step verification or passkeys, the incident highlighted a recurring risk: compromised endpoints enable attackers to reuse valid credentials across services, increasing the chance of account takeover when passwords are reused.

Company Name: Oracle

Source: Cybersecurity Dive

Date:  10/06/2025

Attackers targeted Oracle E-Business Suite customers with extortion emails claiming data theft. Mandiant linked the activity to CL0P and exploitation of an Oracle EBS zero-day tracked as CVE-2025-61882. Oracle confirmed the campaign and issued an emergency security alert with patch guidance.

The flaw enabled unauthenticated remote code execution, allowing theft of ERP data tied to finance, HR, and supply chain modules at some victims. While the exact scope remains unknown, dozens of organizations were affected. Oracle urged customers to patch immediately, restrict internet exposure, and monitor for suspicious activity, highlighting the high risk of internet-facing ERP systems.

Company Name: Envoy Airlines

Source: Bleeping Computer

Date:  10/17/2025

Envoy Air confirmed a data breach involving its Oracle E-Business Suite environment during an extortion campaign linked to CL0P and the zero-day CVE-2025-61882. The flaw was exploited before Oracle released a patch, and although “American Airlines” appeared on a leak site, the affected system belonged to Envoy.

Envoy said a limited amount of business and commercial contact data may have been exposed, with no impact to customers or flight operations. The company notified law enforcement and began an investigation, while Oracle issued security alerts and fixes, reinforcing the risk faced by unpatched ERP systems.

Company Name: F5 Source Code

Source: Unit42

Date:  10/15/2025

F5 disclosed on October 15, 2025 that a nation-state actor had long-term access to internal systems and stole portions of BIG-IP source code, details of undisclosed vulnerabilities, and some customer configuration data. The risk prompted CISA to issue an Emergency Directive for rapid mitigation.

While no consumer data was exposed, the incident increased the risk of exploit development and targeted attacks against organizations using F5 BIG-IP. F5 released security guidance and updates and stated there was no supply-chain tampering, underscoring the need for rapid patching and close monitoring of critical vendor platforms.

11. Top Data Breaches in November 2025

Company Name: Under Armour

Source: Cyber News

Date:  11/17/2025

Under Armour disclosed a ransomware incident after attackers gained unauthorized access to internal corporate systems and files. The threat group claimed data linked to millions of records was stolen, though Under Armour has not confirmed the scale and continues forensic investigations.

The exposed data is believed to include internal documents and employee-related records, causing internal disruption and regulatory and reputational risk. Under Armour isolated affected systems, engaged external incident response teams, and notified authorities, underscoring how ransomware campaigns now focus on data theft rather than encryption alone.

Company Name: Mixpanel

Source: The Indian Express

Date:  11/27/2025

OpenAI confirmed a data exposure incident after its analytics provider, Mixpanel, experienced unauthorized access. Attackers accessed event logs stored within Mixpanel’s environment that contained limited OpenAI API customer metadata. The incident was confined to Mixpanel’s systems and did not involve OpenAI’s core infrastructure, models, or production platforms.

The exposed data included user IDs, project identifiers, customer email addresses, and usage-related metadata. OpenAI confirmed that no API keys, passwords, payment details, model outputs, or fine-tuned data were involved. OpenAI disabled the Mixpanel integration, notified impacted customers, and began auditing all external analytics pipelines, while Mixpanel secured access and engaged forensic experts. The incident highlighted how analytics tools can unintentionally expose sensitive metadata and why strict controls on logging fields and third-party data sharing are essential.

Company Name: DoorDash

Source: Mobile Syrup

Date:  11/13/2025

DoorDash confirmed a data breach after attackers gained unauthorized access through a compromised third-party service provider. The intrusion exposed customer and driver information handled by the vendor and added to concerns about recurring weaknesses across DoorDash’s extended partner ecosystem. While the company did not disclose the exact entry method, the breach was limited to the vendor environment and not DoorDash’s core systems.

The exposed data included customer names, email addresses, phone numbers, partial card details, and certain driver account information, with full payment data, bank details, and passwords confirmed as unaffected. DoorDash did not share precise numbers but said users and drivers connected to the vendor during the affected period were impacted. The company cut off vendor access, launched an investigation with external experts, notified authorities, and began customer and driver notifications, reinforcing the ongoing risk posed by third-party access to large volumes of user data.

Company Name: Oracle

Source: Z2 Data

Date:  11/25/2025

Oracle disclosed a data breach after attackers accessed a portion of its cloud environment due to misconfigured resources. The exposure affected a subset of Oracle cloud services used by enterprise customers and allowed external access to stored customer data. The issue was tied to configuration gaps rather than a failure of Oracle’s core platforms.

The exposed data included customer names, email addresses, company details, support files, and internal configuration information, with no passwords, financial data, or source code involved. Oracle did not confirm exact numbers, though researchers estimate hundreds of organizations may be impacted. Oracle secured the affected resources, worked with customers and regulators, and issued updated configuration guidance, reinforcing that cloud misconfigurations remain a common cause of large-scale data exposure without continuous checks and monitoring.

Company Name: Customer Data from Wall Street Banks Exposed

Source: CyberNews

Date:  11/24/2025

A third-party service provider used by major Wall Street institutions disclosed a breach that exposed customer information linked to JPMorgan Chase, Citigroup, and other financial firms. Attackers accessed the vendor’s systems and extracted files containing client records handled on behalf of these banks. The incident did not stem from the banks’ core systems but from the shared vendor environment.

The exposed data included customer names, contact details, and account-related identifiers, with no passwords, full bank account numbers, or transaction authorization data reported. While exact figures were not disclosed, early reports suggested tens of thousands of customers across multiple institutions could be affected. JPMorgan, Citi, and others worked with the vendor to contain the breach, notified customers and regulators, and began tighter reviews of vendor access and data-handling practices, highlighting how weaknesses in shared providers can impact multiple banks at once.

Company Name: Swiss Bank

Source: CyberNews

Date:  11/05/2025

A Swiss bank disclosed a cyberattack after a threat group claimed it had accessed internal systems and stolen sensitive customer information. The attackers alleged they extracted internal files tied to client operations and financial records. The bank confirmed that some systems were compromised, but stated that the full scope of the intrusion is still under investigation.

According to early claims from the attackers, the stolen data may include customer names, account-related details, internal correspondence, and selected financial documents, potentially affecting thousands of customers. The bank has not validated these figures and said final numbers will depend on ongoing forensic analysis. In response, the bank isolated affected systems, engaged external cybersecurity experts, notified authorities, and began contacting impacted customers while strengthening internal and third-party access controls.

Company Name: Askul

Source: The Record

Date:  11/03/2025

Askul confirmed a data leak after a Russia-linked threat group claimed responsibility for a cyberattack on its systems. The attackers alleged they accessed internal servers and extracted customer and operational files. Askul acknowledged unauthorized access and said it is still assessing the full scope of the incident through ongoing forensic analysis.

The exposed data is believed to include customer names, contact details, order information, and internal retail documents, while payment card data was not involved. Although Askul has not shared final figures, early reports suggested thousands of customers could be affected. The company isolated impacted systems, engaged external cybersecurity specialists, notified authorities, and began customer communications, reinforcing the risk retailers face when handling large volumes of personal and operational data.

Company Name: Hyundai AutoEver America

Source: Fox 59

Date:  11/25/2025

Hyundai AutoEver America disclosed a data breach after identifying unauthorized access to systems holding employee and corporate information. The company supports Hyundai and Kia operations in the U.S., and the incident prompted Levi & Korsinsky, LLP to open an investigation to assess the scope of exposure and potential legal obligations. The breach affected internal systems rather than customer vehicle data, and reviews are still ongoing to determine the full impact.

The exposed information may include employee names, contact details, and HR-related records, with no financial data or customer vehicle information involved. While an exact figure has not been shared, early reports suggest several thousand current and former employees could be impacted. Hyundai AutoEver secured the affected systems, engaged external security specialists, notified employees, and began working with regulators and legal teams while offering support services such as identity protection.

Final words:

Companies of all sizes were affected by these incidents, underscoring the urgent need for robust cybersecurity measures. Don’t become tomorrow’s headline! Strobes offers expert VAPT, red teaming, and other offensive security services to uncover vulnerabilities before malicious actors can exploit them. Take control of your cybersecurity posture and empower your business with Strobes. Contact us today!

Likhil Chekuri

Likhil is a marketing executive known for his creative flair and talent for making complex security topics both accessible and engaging. With a knack for crafting compelling narratives, he infuses fresh perspectives into his content, making cybersecurity both intriguing and relatable.