Did you know a cyberattack happens somewhere in the world every 39 seconds?
Cybercrime is no longer just a headline – it’s today’s harsh reality.
Last year, global cybercrime costs were recorded at $9.5 trillion, and by 2025, that number is expected to reach $10.5 trillion.
The real question is: who’s going to get hit the hardest this year?
According to IBM’s report, healthcare was the most expensive industry for cyberattacks, with the average breach costing $7.42 million.
Financial institutions weren’t far behind, facing more attacks than most other industries.
With numbers like these, cybercrime isn’t slowing down. Month after month, attackers find new ways to break in, steal, and disrupt.
In this blog, we’ll look at the biggest cyber threats that made headlines this year, tracking them month by month to see how they unfolded and what they mean for all of us.
Top cyber attacks of this year
- New York Blood Center Ransomware Attack
- DeepSeek AI Cyber Attack
- Bybit Cryptocurrency Heist
- Tata Technologies Ransomware Attack
- Marks and Spencer (M&S) Ransomware Attack
- Coca-Cola Hack
- Adidas Data Breach
- 16 Billion Credentials Dump
- McLaren Ransomware
- Louis Vuitton Breach

January 2025: A Month of Digital Chaos
New York Blood Center (NYBC) Ransomware Attack
Ransomware forced the NYBC to suspend donations and disrupted services across New York. Sensitive donor and patient data were stolen.
What Happened:
- Attackers crippled IT systems on Jan 26, forcing hospitals to manage blood shortages.
- Files with thousands of donor and patient records were exfiltrated.
- Hackers threatened to publicize sensitive information unless a ransom was paid.
What Can Be Done:
Maintain encrypted, offline backups of sensitive donor/patient data. Implement network segmentation in critical health IT systems to prevent ransomware from spreading laterally.
TalkTalk Data Breach
Hackers accessed a customer database, exposing personal information, although no card details were compromised.
What Happened:
- Data included names, phone numbers, and account details.
- No financial or card data exposed.
- TalkTalk confirmed it secured the affected systems and alerted users.
What Can Be Done:
Companies must encrypt all customer databases and enforce multi-factor authentication for all customer portals.
Conduent Government Payments Contractor Attack
Government contractor Conduent suffered a cyberattack that disrupted tolling, Medicaid, and benefit payments.
What Happened:
- This incident caused delays in public disbursements.
- Services included Medicaid, toll collection, and state benefits.
- The number of affected citizens was not publicly disclosed.
What Can Be Done:
Governments and enterprises must enforce strict vendor security audits and deploy real-time monitoring of contractor networks to ensure optimal security.
PowerSchool Data Breach
Hackers stole sensitive data from the education giant PowerSchool, affecting schools across the US and Canada.
What Happened:
- Breach impacted 45M+ students and staff.
- Stolen data: names, addresses, grades, medical info, Social Security Numbers.
- Attackers demanded a $2.85M ransom.
What Can Be Done:
Schools must adopt EDR/XDR tools to monitor intrusions and follow zero-trust policies for accessing student/teacher records.
DeepSeek AI Cyber Attack
AI company DeepSeek temporarily shut down after a cyberattack targeting its training systems.
What Happened:
What Can Be Done:
Implement a Multi-Layered Security Architecture with AI-Driven Defenses.
February 2025: A Month of Digital Deception
Microsoft 365 Device Code Phishing Attack
Hackers turned Microsoft’s own login flaw into a trap, tricking victims into entering codes on fake sites and walking away with corporate accounts.
What Happened:
- Attackers abused device code authentication in Microsoft 365.
- Victims were led to fake portals that looked like legitimate login pages.
What Can Be Done:
Educate staff on phishing emails and enforce strong MFA that cannot be bypassed by code entry.
WhatsApp Spyware Hack
A zero-click spyware attack targeted WhatsApp users, enabling the malware to install itself without any user action.
What Happened:
- State-sponsored group suspected behind the campaign.
- Exploit allowed the remote installation of spyware without user action.
- Hackers could access messages, calls, files, and device metadata.
What Can Be Done:
Regularly update and patch messaging apps. Encourage executives to use hardened communication apps with stronger security protocols.
Bybit Cryptocurrency Heist
Hackers proved once again that digital gold is easy pickings – $10M in crypto drained in a blink, leaving customers fuming.
What Happened:
- Attackers breached hot wallets, siphoning funds from customers.
- Losses exceeded $10 million in digital assets.
- Bybit temporarily paused withdrawals to contain the damage.
What Can Be Done:
Exchanges must segregate customer funds into cold wallets that require multi-signature approval.

IoT Data Breach
A misconfiguration exposed 2.7 billion records from IoT devices, proving that our “smart” gadgets are quietly stockpiling more data than we think.
What Happened:
- Database exposed records from smart homes and industrial IoT.
- Data included device IDs, geolocation information, and user details.
- Cause: misconfigured database, not a direct hack.
What Can Be Done:
Customers should regularly review their device’s privacy settings, as the default setting isn’t always safe.
Finastra Data Breach
One of the world’s largest fintech firms had its internal systems compromised, raising alarms across the banking sector.
What Happened:
- Hackers gained access to internal networks and client data.
- Finastra partners with global banks, so ripple effects could be wide-reaching.
- The company did not disclose exact impact numbers.
What Can Be Done:
Financial institutions must classify vendor access as high-risk and implement stricter monitoring measures.
March 2025: From Classrooms to Banking Systems
New York University (NYU) Data Breach
When students were logging into class portals, hackers were already inside. NYU had to shut down its systems and scramble to reset passwords.
What Happened:
- Hackers broke into NYU’s website and grabbed student and faculty data.
- Stolen records included names, university email addresses, and login credentials.
- NYU responded with forced password resets and system lockdowns.
What Can Be Done:
Universities should adopt stricter access monitoring and invest in identity protection tools to safeguard academic data.
Tata Technologies Ransomware Attack
The ransomware itself happened earlier, but the real pain began in March when attackers dumped the loot online.
What Happened:
- More than 200 GB of data was leaked, including employee records, client files, and internal documents.
- Breach stretched across Tata Technologies’ global operations.
- Attackers employed the double extortion tactic: encrypt first, then leak.
What Can Be Done:
Companies with international reach need layered ransomware defence plans that include both rapid containment and strict data backup policies.

GitHub Actions Supply Chain Attack
The software you trust might already carry someone else’s code. This month, attackers proved how fragile workflows can be.
What Happened:
- Hackers exploited GitHub Actions workflows inside open-source projects.
- They injected malicious code that trickled into downstream users.
- Dozens of repositories were compromised before GitHub took action.
What Can Be Done:
Developers must review third-party workflows thoroughly before integrating them and closely monitor dependencies.
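One way to make that review repeatable, as an added example that is not part of the original article: a small Python check that lists every `uses:` reference in a workflow file and flags those not pinned to a full commit SHA, since a tag or branch can be repointed after it was reviewed. The workflow text, the `example-org` action names and the 40-character SHA are constructed for illustration.

```python
import re

# "uses:" appears in steps and in reusable-workflow jobs; allow a list dash and quotes.
USES_RE = re.compile(r"""^\s*(?:-\s+)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; the example-org actions and the SHA are placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/changed-files-demo@main
      - uses: example-org/pinned-demo@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - uses: ./.github/actions/build
      - name: scan
        uses: "docker://alpine:3.20"
"""


def classify(ref):
    """Return (status, reason) for a single `uses:` reference."""
    if ref.startswith("./"):
        return "ok", "local action, versioned with the repository"
    if ref.startswith("docker://"):
        if "@sha256:" in ref:
            return "ok", "container image pinned by digest"
        return "review", "container image referenced by a mutable tag"
    _target, sep, version = ref.partition("@")
    if not sep:
        return "review", "no version given"
    if FULL_SHA_RE.match(version):
        return "ok", "pinned to a full commit SHA"
    return "review", f"mutable ref '{version}' (a tag or branch can be moved)"


def audit_workflow(text):
    """List every action reference in a workflow file with its pinning status."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        status, reason = classify(ref)
        findings.append({"line": lineno, "uses": ref, "status": status, "reason": reason})
    return findings


def needs_review(text):
    """References a reviewer should pin or vet before merging the workflow."""
    return [f["uses"] for f in audit_workflow(text) if f["status"] == "review"]


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']:>2}  {f['status']:<6}  {f['uses']}  ({f['reason']})")
```

Pinning to a SHA only fixes which code runs; the pinned commit still has to be read before it is trusted.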
Cyber Attack on Ukrainian Railways
This was not just an IT incident. The attack delayed trains across the nation, showing how transport infrastructure remains a prime target.
What Happened:
- Cyber attack hit ticketing and scheduling systems.
- Trains were delayed on major routes.
- Officials linked the campaign to Russian-backed hackers.
What Can Be Done:
Critical infrastructure operators should prioritise network segmentation and invest in incident response simulations to prepare for politically motivated disruptions.
Sepah Bank Cyberattack
One of Iran’s major banks saw its sensitive financial data exposed, putting both customers and state agencies in the spotlight.
What Happened:
- Hackers breached Sepah Bank’s systems.
- Stolen data included customer banking records and internal account details.
- The breach sparked debate due to the bank’s close ties with state agencies.
What Can Be Done:
Banks must treat internal records as Tier-0 assets and enforce zero-trust principles to limit exposure even when systems are breached.
April 2025: Breaches Across Retail, Health, and Government Sectors
Marks and Spencer (M&S) Ransomware Attack
Retail giant M&S faced ransomware that disrupted internal systems and exposed sensitive corporate files.
What Happened:
- Hackers accessed internal networks and stole files, including employee records and supply chain data.
- Some stolen materials were later posted on dark web forums.
- Operational disruptions affected retail services, but stores remained largely open.
What Can Be Done:
Conduct regular penetration testing to identify vulnerabilities and ensure offline backups for all critical data.

Yale New Haven Health System Breach
A ransomware attack compromised the personal data of millions, showing that even top healthcare institutions are vulnerable.
What Happened:
- 5.5 million patient records were exposed, including medical record numbers and insurance details.
- This makes it one of the largest breaches of 2025.
- Incident caused urgent internal investigations and notifications to affected patients.
What Can Be Done:
Adopt regular ransomware drills and access control for sensitive medical data.
Blue Shield of California Data Exposure
Blue Shield reported that a misconfiguration led to accidental data sharing with Google Ads over several years.
What Happened:
- Google Analytics misconfiguration led to the sharing of data with Google Ads.
- Affected 4.7 million individuals, including names, insurance information, and claims data.
- Exposure went undetected for years before being fixed.
What Can Be Done:
Regularly audit all marketing integrations and limit the sensitive data sent to third-party platforms.
Phishing Attacks on Corporate Email Platforms
Hackers turned trusted email marketing platforms into tools for scamming users into backing up cryptocurrency wallet seed phrases.
What Happened:
- Platforms affected included Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho.
- Attackers hijacked legitimate accounts to send phishing emails.
- Users were tricked into revealing cryptocurrency wallet seed phrases, bypassing security filters due to the trusted sender addresses.
What Can Be Done:
Give phishing training to employees and enforce MFA for all corporate email accounts.
Morocco’s Social Security Database Hack
Nearly 2 million citizens had personal and financial information leaked online in a high-profile attack.
What Happened:
- Hackers, linked to Algeria, accessed the National Social Security Fund database.
- Data from 2 million people and 500,000 companies was exposed.
- Exposed information included names, salaries, and company contribution records.
What Can Be Done:
Encrypt all sensitive citizen data and continuously monitor for abnormal access patterns to ensure data integrity.
Cyber Attacks in May 2025: Global Giants Face Data Disasters
Coca-Cola Ransomware Attack
Hackers breached Coca-Cola’s systems, stealing employee HR records and leaking data after ransom demands were rejected.
What Happened:
- Exposed data included names, addresses, phone numbers, and HR files of current and former employees.
- Hackers posted samples on the dark web as proof.
- The attack highlights the rising risks for global consumer brands.
What Can Be Done:
Companies should prioritise employee data security with strict access controls, encrypted storage, and regular ransomware resilience testing.
Coinbase Insider Threat & Data Leak
A breach linked to insider assistance resulted in the theft of employee and customer service records at Coinbase.
What Happened:
- Hackers exploited internal access, highlighting staff-level vulnerabilities.
- Leaked files contained employee details and internal process documents.
- Raises significant questions about insider threat monitoring in the finance sector.
What Can Be Done:
Financial institutions require Zero Trust policies and continuous monitoring of insider activity to prevent privilege abuse.
Adidas Data Breach
Adidas reported that attackers broke into its online store systems and accessed customer accounts.
What Happened:
- Data stolen included names, emails, purchase history, and partial payment details.
- Users were urged to reset passwords immediately.
- Retail brands remain top targets due to valuable consumer databases.
What Can Be Done:
E-commerce platforms should enforce MFA for customers, secure payment gateways, and deploy real-time breach detection.
Ascension Healthcare Data Breach
One of the largest healthcare providers in the U.S. suffered a cyberattack, exposing millions of patient records.
What Happened:
- Stolen data included medical records, insurance details, and personal identifiers.
- Some hospital operations faced temporary disruption.
- Healthcare breaches remain among the costliest in terms of recovery and fines.
What Can Be Done:
Healthcare providers should adopt HIPAA-compliant data encryption and maintain backup systems to ensure uninterrupted patient care.

AT&T Data Leak
AT&T has confirmed a significant data leak that affected millions of customers due to an incident involving a third-party vendor.
What Happened:
- Leaked information included Social Security numbers, account credentials, and contact details.
- AT&T reset passwords and notified impacted users.
- The case highlights supply chain and vendor-related risks.
What Can Be Done:
Companies must implement third-party risk management and enforce security audits for all vendors handling sensitive data.
June 2025: From Password Dumps to Airline Breaches
16 Billion Credentials Data Dump
A staggering 16 billion login details resurfaced on hacker forums, reigniting risks from past breaches.
What Happened:
- Database contained emails, usernames, and passwords.
- Mostly compiled from older breaches but re-shared in bulk.
- Users reusing passwords across accounts faced the highest risk.
What Can Be Done:
Everyone should enable multi-factor authentication (MFA), rotate old passwords, and refrain from reusing credentials across different platforms.
United Natural Foods (UNFI) Cyberattack
UNFI, the biggest supplier for Whole Foods and other grocers, was hit by a cyberattack that shut down its IT systems.
What Happened:
- Deliveries were delayed due to system shutdowns.
- The company has not confirmed whether customer data was stolen.
What Can Be Done:
Supply chain businesses should invest in disaster recovery plans and network segmentation to limit operational fallout.
Zoomcar Data Breach
Car-sharing app Zoomcar disclosed a major data breach that exposed both driver and rider details.
What Happened:
- Leaked information included names, emails, phone numbers, and trip records.
- Company warned customers about phishing attempts using stolen data.
- Attack highlights the growing risks in mobility and ride-sharing platforms.
What Can Be Done:
Mobility platforms must deploy real-time fraud detection and educate users on phishing red flags to prevent fraudulent activity.
McLaren Health Care Ransomware Attack
The INC Ransom group hit McLaren Health Care, compromising the records of 743,000 patients.
What Happened:
- The stolen files included names, Social Security numbers, insurance information, and medical details.
- Some of the stolen data was posted online.
- Attack caused major concerns for patient privacy and compliance.
What Can Be Done:
Healthcare organisations should implement network isolation and offline backups to recover quickly from ransomware events.
WestJet Airlines Data Breach
WestJet Airlines confirmed a breach in which its frequent flyer program was compromised, resulting in the leak of customer loyalty account details.
What Happened:
- Data included names, contact information, and loyalty numbers.
- The airline reset affected accounts and launched an investigation.
What Can Be Done:
Travel companies should adopt tokenisation of loyalty data and strict monitoring of unusual login attempts.
Cyber Attacks of July 2025: From Fast Food to First-Class
McDonald’s Job Applicant Data Exposure
McDonald’s recruitment platform suffered a breach that exposed thousands of candidate records.
What Happened:
- Data included names, emails, phone numbers, and work histories.
- McDonald’s secured the system and started notifying affected applicants.
What Can Be Done:
Recruitment systems are goldmines for attackers. Companies should encrypt applicant data and monitor for unauthorised access to hiring platforms.
Singapore’s Critical Infrastructure Attack
Singapore confirmed ongoing cyber-espionage by UNC3886 targeting energy and transport systems.
What Happened:
- Attacks focused on disruption potential across energy, water, transport, and government systems.
- The attack exploited zero-day vulnerabilities in vendors such as Fortinet, VMware, and Juniper to gain stealthy access.
What Can Be Done:
Critical infrastructure needs layered defences, including segmentation, strict access controls, and real-time threat intelligence.

Louis Vuitton Data Breach
The luxury retailer confirmed a massive leak affecting customers across multiple regions – including Hong Kong, Turkey, UK, South Korea, and beyond.
What Happened:
- Stolen data included names, purchase history, and partial payment info.
- Password resets and fraud monitoring were rolled out immediately.
What Can Be Done:
Luxury retailers should apply fraud analytics and tokenisation to protect sensitive customer data from resale on dark markets.
Qantas Airlines Cyber Incident
Frequent flyers, nearly 6 million customers, may have had personal data exposed via a third-party call center platform.
What Happened:
- Hackers accessed customer contact center data, exposing information like names, email addresses, frequent flyer details, birth dates, and addresses.
- Qantas contained the breach, locked affected accounts, and launched forensic investigations.
What Can Be Done:
Airlines should use behavioural biometrics and continuous monitoring to detect unusual account logins promptly.
Allianz Life Insurance Breach
A social engineering attack on a third-party Salesforce CRM platform exposed sensitive data of approximately 1.1 million U.S. customers.
What Happened:
- Attackers used a malicious Salesforce Data Loader via OAuth to access data.
- Exposed files had names, addresses, policy details, and partial Social Security numbers.
- Allianz offered identity protection to impacted clients.
What Can Be Done:
Financial services firms must encrypt sensitive client data, deploy Data Loss Prevention (DLP) solutions, and conduct insider threat monitoring.