Inside the Biggest Cyber Breaches of 2025
From supply chains and car plants to airlines and insurers, no sector escaped the breach cycle this year.
[Image source: Chetan Jha/MITSMR India]
Enterprises have always been targets. What set 2025 apart was the collision of mass generative artificial intelligence (GenAI) adoption with industrial-scale cybercrime.
According to cybersecurity firm Check Point, one in every 44 GenAI prompts passing through corporate networks in October carried a high risk of sensitive data leakage. Nearly 87% of organizations using GenAI tools faced exposure risks, while 19% of prompts contained potentially sensitive or proprietary data.
At the same time, attack volumes surged. In the first quarter alone, organizations suffered an average of 1,925 cyberattacks per week, a 47% jump from a year ago.
What followed was a year of breaches that cut across governments, transport, manufacturing, healthcare, crypto and retail.
These were the breaches that blindsided governments, disrupted industries and reshaped corporate risk in 2025:
US Treasury Department Supply Chain Breach
In March, US authorities publicly attributed a breach of the Treasury Department to China-linked group APT27, also known as Silk Typhoon.
Attackers entered through a vulnerability in BeyondTrust, a remote support platform used by Treasury offices, gaining access to workstations and unclassified documents.
The incident was classified as a major cybersecurity breach and emerged as one of the year’s most serious supply-chain attacks.
Conduent Data Theft
Business process outsourcing firm Conduent disclosed in October that personal data of more than 10.5 million people had been exposed.
The breach, first detected in January, was traced back to unauthorized access that began in October 2024.
Stolen data included Social Security numbers as well as medical and insurance records. The SafePay ransomware gang later claimed responsibility, saying it had exfiltrated 8.5 TB of data.
The company supports about 100 million US residents via government health programs, toll systems and federally funded payment disbursement services.
By September, Conduent had incurred $9 million in notification costs and warned that total breach-related expenses would climb to $25 million by early 2026.
Ingram Micro Global Supply Chain Disruption
In July, SafePay struck again, this time hitting Ingram Micro, the world’s largest IT distributor.
Core systems across Europe, North America and Asia were shut down, halting order processing and license fulfilment for clients including Microsoft and Dropbox.
Analysts estimated losses of $136 million per day at the height of the disruption.
Jaguar Land Rover Production Shutdown
A cyberattack on Jaguar Land Rover forced UK production to halt for more than five weeks, triggering one of the most severe industrial disruptions in decades.
UK car production fell 27% in September, the weakest output for the month since 1952, according to the Society of Motor Manufacturers and Traders.
The Cyber Monitoring Centre put the economic damage at £1.9 billion, with 5,000 businesses hit indirectly.
JLR said customer data was not stolen. Full recovery is expected only in early 2026.
Qantas Airways Data Leak
In October, data belonging to 5.7 million Qantas customers surfaced on the dark web following a breach traced to a Salesforce-linked service platform.
Leaked data included names, birth dates, addresses, emails and frequent flyer numbers.
Hackers taunted the airline after releasing the data, writing, “Don’t be the next headline.”
Qantas secured a court injunction to block redistribution and said no payment or passport data was compromised.
Star Health Insurance Breach
India’s Star Health and Allied Insurance suffered one of Asia’s largest healthcare data breaches, with more than 31 million records reportedly compromised.
The attacker, using the alias xenZen, claimed to have stolen 7.24 TB of data, including names, PAN, contact information, policy details and medical records, and put it up for sale.
The situation escalated when threats were emailed to senior executives.
Star Health denied allegations of insider involvement. Multiple investigations remain under way.
CoinDCX Cryptocurrency Theft
India’s largest crypto exchange, CoinDCX, said in July that $44.2 million had been stolen from an internal liquidity wallet.
The breach became public after blockchain investigator ZachXBT disclosed it on Telegram almost 17 hours before the company did.
CoinDCX said customer funds in cold wallets were unaffected and announced an $11 million recovery bounty.
WestJet and Airport Infrastructure Attacks
Canadian carrier WestJet disclosed a cybersecurity incident in June that disrupted internal systems and mobile services.
By October, it confirmed that passenger data including names and contact details had been stolen.
Authorities linked the incident to broader airline-focused campaigns attributed to the Scattered Spider group.
Retail Attack Wave
Retail was hit in cascading fashion. Marks & Spencer (M&S) was crippled by ransomware over Easter weekend, forcing the suspension of online orders and automated stock systems. Estimated impact reached £300 million in lost profit. Some reports indicated that the attack was likely carried out by the Scattered Spider group.
The Co-operative Group narrowly avoided operational collapse after isolating ransomware-infected systems, but later confirmed that 6.5 million members’ data had been exposed.
As authorities explored possible links between the Co-op and M&S incidents, suspicions rose that both attacks originated from the same criminal network.
Harrods shut down parts of its internal networks following intrusion attempts, though customer data theft was not confirmed.
Adidas confirmed in May a customer service data breach via a third-party provider that exposed names and email addresses.
In July, UK authorities arrested four suspects linked to the Scattered Spider network, tying them to the M&S, Co-op and Harrods attacks.