As 2025 approaches its halfway point, cyber attackers have already left a trail of disruption, compromise, and data theft. This year has seen some of the largest data breaches in history, affecting millions of individuals and organisations across sectors. From leaked credentials and telecom breaches to attacks on healthcare and cloud services, the trend is clear: cyber risk is not slowing down. 

In this blog, we highlight the five biggest data breaches of 2025 so far, what was compromised, and what businesses can learn from these high-profile incidents. 

CTA-Incident-Response

 

1. UNFI cyberattack – disruptions to the food supply chain  

In mid-June, United Natural Foods Inc. (UNFI), a major US grocery wholesaler and primary distributor for Whole Foods, fell victim to a crippling cyberattack. The incident crippled its electronic ordering systems, forcing temporary shutdown of automated ordering and delivery services, which in turn caused notable grocery shortages across North America. The attack, believed to have originated from unauthorised access, left UNFI scrambling to restore networked operations in coordination with partners . 

Why it matters 

  • Highlighted the fragility of digital food supply systems and dependency on a single distributor. 
  • Forced many retailers to seek alternate wholesalers. 

What businesses should do 

  • Vet third-party providers more thoroughly. 
  • Enhance disaster-recovery and business-continuity plans within supply chains. 

 

2. Sepah bank cyberattack – 42 million records compromised 

In March, the hacker collective “Codebreakers” breached Iran’s Bank Sepah, stealing a staggering 42million customer records (approximately 12TB of data), which included details of senior bank officials. Threatening a $42million Bitcoin ransom, hackers released portions of the dataset after demands were ignored cybersecuritydive.com+5startribune.com+5techcrunch.com+5keepersecurity.com. 

Why it matters 

  • Represents one of the largest cyberattacks targeting a financial institution in 2025. 
  • Demonstrates increasing confidence among hackers to compromise sensitive banking systems. 

What businesses should do 

  • Deploy network segmentation and continuous monitoring. 
  • Increase encryption and tokenisation of customer data and transactions. 

ctem-1

 

3. Telemessage breach – U.S. officials exposed 

In May, cybercriminals infiltrated TeleMessage, a compliance messaging app used by US government officials—including those from FEMA, CBP, etc. The breach exposed metadata from over 60 accounts, including names, phone numbers, and email addresses, though content was not disclosed. Notably, the app was used by Mike Waltz, former National Security Adviser, and its compromise triggered widespread suspension and CISA advisories  

Why it matters 

  • Exposes metadata which could pose serious counterintelligence risks. 
  • Highlights tradeoffs between compliance and true secure communication. 

What businesses should do 

  • Adopt endtoend encryption and validate thirdparty solutions. 
  • Perform regular security audits and rely on trusted, widely supported platforms. 

 

4. SAP Netweaver vulnerability – cloud infrastructure at risk 

On 24 April, SAP disclosed a critical zero-day vulnerability (CVE-2025-31324) in NetWeaver Visual Composer. The flaw enabled unauthenticated remote code execution, allowing bad actors to upload web shells and compromise systems. Researchers identified over 581 NetWeaver instances in active exploitation, including by state-linked groups  

Why it matters 

  • SAP’s NetWeaver is pivotal in countless enterprise and public-sector systems. 
  • A single flaw could lead to significant disruption and data theft. 

What businesses should do 

  • Apply SAP Security Note 3594142 and all related patches immediately. 
  • Deploy detection and incident-response tools to hunt for unauthorised web shells. 

cyberfire

 

5. M&S cyberattack – UK retail impacted 

During the Easter weekend in April, the retailer Marks & Spencer (M&S) suffered a major cyberattack, attributed to the gang Scattered Spider. Attackers bypassed contractor defences via social engineering and disabled online shopping including click & collect and fashion sales for six weeks The incident hit profitability hard with estimates of up to £300 million in losses. The same attackers also impacted other retailers including Coop. 

Why it matters 

  • Demonstrates cascading risks when large retailers go offline during key retail periods. 
  • Highlights risks from third-party contractor access. 

What businesses should do 

  • Enforce stringent access control and supplychain security. 
  • Strengthen employee awareness and incident-response protocols. 

Copy of Copy of Blog banner image template

 

These breaches show that in 2025, no single sector is immune. From grocery distribution and car rental to secret government messaging, cyber adversaries exploit weakest links—vendors, contractors, unpatched systems. 

If you are worried about any of the threats outlined in this blog or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please get in touch. 

Contact Us