Cybersecurity in 2025: Key Incidents, Data Compromises, and Insights Learned

Businesses of every size are susceptible to cyberattacks and data breaches. Hackers and cybercriminals continuously develop new methods to gain access to private or sensitive information, often selling or ransoming it for cash. In the event of a data breach, sensitive information can be seized and sold to third parties or on the dark web.

Significant data breaches in history have resulted in millions of user records being compromised. According to the latest global survey, the average cost of a data breach has decreased to approximately $4.44 million, reflecting a 9% decline from the previous year.

SimonMed Imaging (January 2025)

In January 2025, a ransomware attack by the Medusa ransomware organization led to the exposure of over 1.2 million patient medical records from SimonMed. The leaked data contained highly sensitive personal information, including names, dates of birth, health record numbers, diagnoses, treatments, insurance details, and license numbers.

Yale New Haven Health System (April 2025)

In April 2025, Yale New Haven Health reported a network breach that compromised personal information belonging to nearly 5.5 million individuals. The exposed data allegedly included personal identifiers such as names, dates of birth, contact details, addresses, Social Security numbers, and medical record numbers.

Jaguar Land Rover (March 2025)

Jaguar Land Rover (JLR) halted manufacturing operations in September following a major cyberattack, reportedly the costliest in UK history. Internal operations were disrupted, and sensitive information was allegedly compromised, with 700 documents exfiltrated during the first wave and 350 terabytes of data in the second.

Qantas Airways Customer Data Breach (October 2025)

In October 2025, Qantas discovered suspicious activity in a third-party contact center platform, resulting in approximately 5.7 million customer records being exposed. The leaked information included names, phone numbers, email addresses, Qantas Frequent Flyer numbers, birth dates, and residential addresses. The intrusion was traced back to a vulnerability in third-party software.

Volvo Group (September 2025)

In September, the Volvo Group suffered a cyberattack involving its HR software vendor, Miljodata, which caused a third-party data leak. An unknown number of Volvo North America employees were affected, and the incident impacted around 870,000 records across the vendor’s clients. The exposed data comprised first and last names, addresses, birth dates, and Social Security Numbers (SSNs) of some US employees.

Marks & Spencer (May 2025)

A significant cyberattack attributed to the ‘Scattered Spider’ organization occurred against the historic British retailer Marks & Spencer (M&S) in May 2025. The breach is estimated to result in a £300 million ($400 million) loss in revenue. Although exact figures remain unclear, potentially hundreds of thousands of customers were affected.

Google (August 2025)

In August 2025, a data breach associated with a hacked Salesforce-hosted business database emerged, affecting a small portion of Google’s commercial clients’ data. Google alerted its 2.5 billion Gmail users about the potential for targeted follow-up attacks, though it confirmed that no client passwords or financial information were taken.

McDonald’s (July 2025)

In July 2025, a major data breach at McDonald’s impacted millions of job applications. Personal information for nearly 64 million job seekers worldwide was compromised, including full names, phone numbers, and email addresses of applicants.

Key Lessons Learned

Vendor and third-party risk is often the weakest link. Many of the breaches in 2025 occurred through suppliers, external platforms, or partners rather than the organizations themselves.

Industries with high sensitivity, particularly healthcare, remain primary targets. Breaches involving hospitals, medical imaging companies, and health networks disclosed millions of records.

Cyberattacks are becoming increasingly disruptive and complex, going beyond simple data theft.

The misuse of identities and credentials, along with silent misconfigurations, poses significant risks. Numerous breaches stemmed from inadequate vendor controls, compromised credentials, or poor configurations.

A focus on resilience and preparedness is now crucial. As cyberattacks grow broader and more complex, organizations must shift from reactive security measures to proactive resilience.
