What a Year!

2025 was another big year for the Cyber Security industry.

We’ve compiled a list of some of the most widely publicised hacks, attacks and breaches that occurred during the year to give a snapshot of the industry for those who’ve not had time to lift their attention outside their own labours. These headlines are a cautionary tale for any business that uses the internet. As this list proves, regardless of size or scale, Information Security is a ubiquitous issue. And if you’re struggling to obtain budget for solid IT Security defences, you can do worse than to share this summary with the Board.

Billions in financial losses are only the tip of the iceberg; the knock-on effects, the compromised customer data, the damage to reputation, the supply chain issues, all these and more have far greater implications for the longevity of any business.

And here's what happened:

  • Jaguar Land Rover (JLR) Cyber Attack (August-September 2025): A crippling ransomware-style attack (widely regarded as one of the most economically damaging in UK history) severely disrupted production and sales for weeks, halting operations at multiple factories. Estimated costs reached £1.9 billion ($2.5 billion), with massive ripple effects on the UK economy affecting over 5,000 organizations through supply-chain disruptions.
  • Bybit Cryptocurrency Exchange Hack (February 2025): North Korea-linked Lazarus group executed the largest crypto theft in history, stealing around $1.5 billion in digital assets. This single incident fuelled a massive surge in crypto thefts (over $2.47 billion total in the first half of 2025), highlighting state-sponsored threats to financial ecosystems and contributing to record quarterly losses in the sector.
  • Marks & Spencer (M&S) Ransomware Attack (April 2025): Scattered Spider group used social engineering on third-party vendors to gain access, disrupting online shopping, payments, and in-store operations for weeks. The attack caused up to £300 million in losses, exposed customer data, and became a high-profile example of retail sector vulnerability with significant reputational and operational fallout.
  • Co-op (UK) Cyber Attack (April 2025): A severe incident exfiltrated significant member data despite a quick IT shutdown preventing full ransomware deployment. It affected millions in consumer cooperatives, with lasting data exposure risks.
  • Microsoft SharePoint “ToolShell” Zero-Day Exploitation (Mid-2025): Attackers chained critical vulnerabilities (CVE-2025-53770 and CVE-2025-53771) in on-premises SharePoint servers, compromising hundreds of systems globally (at least 396 confirmed). Targeting government, healthcare, and critical sectors, it enabled widespread data theft and persistence, marking a major escalation in zero-day supply-chain risks.
  • 16 Billion Credential Mega-Leak (Mid-2025): Researchers uncovered 30 exposed datasets aggregating over 16 billion login credentials from platforms like Google, Facebook, Apple, and others (via infostealer malware). One of the largest credential exposures ever, it created massive risks for identity theft, account takeovers, and follow-on attacks across industries.
  • Ingram Micro Ransomware Attack (July 2025): SafePay ransomware disrupted the world’s largest IT distributor during a holiday period, severing supply chains for vendors like Apple, Microsoft, and Cisco. The incident affected tens of thousands of resellers globally, causing widespread operational halts and highlighting critical infrastructure dependencies.
  • Salesloft Drift / Salesforce Supply-Chain Compromises (2025): Attackers stole OAuth tokens from Salesloft-owned Drift, breaching Salesforce CRM instances of numerous high-profile companies (including cybersecurity vendors like Palo Alto Networks and Zscaler). This led to widespread data theft, exposing sensitive customer data and demonstrating the dangers of interconnected SaaS ecosystems.
  • Asahi Brewing Ransomware Attack (September 2025): Qilin ransomware caused a “system failure” suspending operations in Japan, with 27 GB of data stolen and leaked. The attack disrupted a major global brewer, causing production halts and underscoring ransomware’s impact on manufacturing and consumer goods.
  • Oracle E-Business Suite Extortion Campaign (July-October 2025): Cl0p group exploited zero-days to target hundreds of enterprises’ ERP systems, stealing payroll, HR, and financial data. Aggregate exposure reached multi-billion dollars, with extortion emails sent to executives and massive downstream risks for affected organizations.
  • Crimson Collective Cloud Extortion (October 2025): Group exfiltrated 570 GB from 28,000 repositories, including API keys, credentials, and configs from clients like IBM, AmEx, NSA, and DoD. This cloud-centric attack exposed high-profile infrastructure, enabling follow-on threats and spotlighting AWS environment vulnerabilities.
  • SimonMed Imaging Ransomware (October 2025): Medusa group stole data from around 1.2 million patients, demanding $1 million. Exposed sensitive health info caused major privacy concerns in healthcare, with ongoing investigations and potential identity theft fallout.
  • Vietnam Airlines Data Leak (October 2025): 23 million customer records leaked on forums after a third-party breach. Created one of the largest regional phishing risks, with widespread personal data exposure.
  • Ascension Healthcare Breach (May 2025): A third-party vendor compromise exposed patient data from a major U.S. nonprofit system (140+ hospitals). Ideal for medical identity theft, it disrupted care and highlighted healthcare supply-chain weaknesses.
  • Salt Typhoon / China-Linked Telecom Espionage (Ongoing into 2025): Persistent APT attacks on U.S. telecoms for espionage, compromising highly defended systems. Undetected for long periods, it raised national security alarms and underscored visibility gaps in critical infrastructure.
  • Scattered Spider Retail Onslaught (April onward 2025): A series of attacks (including M&S, Co-op) via social engineering and third parties disrupted UK/EU retail, causing widespread service outages, financial losses, and a “siege” on the sector.
  • F5 BIG-IP Vulnerability Exploitation (Late 2025): A breach at the major network security vendor exposed configurations, enabling further attacks and creating cascading risks for downstream organizations relying on F5 gear.
  • Kido International (London Nurseries) Ransomware (September 2025): Theft of data on approximately 8,000 children (names, photos, addresses), with threats to publish. Highly sensitive child data exposure led to arrests and major privacy concerns in education.

Whew!

It’s food for thought, right?

Not least because included here are some of the businesses with the biggest budgets for IT Security, yet they too can still fall victim to the attention of the Data Bandits. But also because there were simply too many businesses (literally hundreds of thousands) that didn’t make the list despite suffering significant attacks.

Just remember this: there is no business that’s ‘too small to be a target’. A hungry fox might prefer juicy chickens but will eat a scrawny frog when it’s hungry enough.

It’s only by making the most of the IT Security resources available to you in both budget and quality that you can deter Data Bandits long enough for them to lose interest and pursue meatier and easier prey.

Reliable. Secure.

RS22

Unit 5, Three Spires House, Station Road, Lichfield, Staffordshire. WS13 6HX
