Logo

EXPERT INSIGHTS

Major Cyber Breaches of 2025 

2025 has produced a steady stream of major cyber incidents across household name organisations. In most cases the root cause was not a cutting edge attack but familiar issues like weak identity controls third party access and basic misconfiguration. Below is a snapshot of some of the most significant breaches this year and the patterns they continue to expose.

Google Apple Facebook
16 billion credentials
Credential dump compiled from malware infostealers and historic breaches exposing mass password reuse across major consumer platforms

SK Telecom
27 million users
Advanced malware enabled long term access to SIM and subscriber authentication data

Red Hat
570GB across 28000 repositories
Internal GitLab data including API keys credentials and customer infrastructure details exfiltrated

Qantas
5.7 million records
Third party Salesforce integration exploited to steal customer personal data

Allianz Life
2.8 million records
Social engineering led to abuse of CRM admin functions and mass PII extraction

TransUnion
4.4 million records
Misconfigured Salesforce APIs exposed highly sensitive credit and identity data

Farmers Insurance
1.1 million records
Overprivileged third party access enabled large scale customer data exfiltration

Yale New Haven Health
5.5 million records
Third party file transfer vulnerability exposed protected health information

Blue Shield of California
4.7 million records
Google Analytics misconfiguration leaked customer data without a direct breach

Marks and Spencer
300 million pounds lost
Ransomware attack crippled operations following third party social engineering

Most of these incidents did not begin with sophisticated hacking techniques. Instead, they stemmed from reused passwords, excessive access, weak third party controls, or simple misconfigurations.

 The common thread is identity and trust not technology. As organisations add more tools platforms and partners the attack surface quietly expands. Security failures are rarely one big mistake but the result of many small gaps lining up at the same time. The basics still matter and they are still being missed.

Similar posts

The Social Media Ban: What It Means for Your Data

The UK ban on social media for under-16s is definitely going to be welcome by

Arrow-svg READ MORE

Blanket Bans on AI Usage within Development Teams

I spoke to a Software Developer earlier today who is actively looking for a new

Arrow-svg READ MORE

Employment Law Podcast

Will Morris Founder of Profectus Recruitment was delighted to take part in the latest release

Arrow-svg READ MORE

Employment Law Breakfast Seminar

We recently partnered with Boyes Turner in hosting a breakfast seminar “What can we expect

Arrow-svg READ MORE

Modern Workplace Engineers

The demand for Modern Workplace Engineers has increased significantly over the past year. What ‘good’

Arrow-svg READ MORE

Real-Time Data in the UK

Real-Time Data in the UK: 2026 and Beyond  Real-time data is no longer a niche.

Arrow-svg READ MORE
BACK TO INDUSTRY INSIGHTS

Explore our most recent tech openings

VIEW ALL JOBS

Head of Implementation (Medical Equipment)

Berkshire, UK
APPLY NOW

3rd Line Support Engineer

Oxfordshire, UK
40000 - 45000 £ / Year
APPLY NOW

IT Support Engineer

Nottinghamshire, UK
APPLY NOW

Data Migration Specialist

Berkshire, UK
550 - 600 GBP / MONTH
APPLY NOW

Data Architect – Governance

Greater London, UK
80000 - 100000 GBP / Year
APPLY NOW