The Worst Hacks of 2025: A Year of Data Breaches and Cyber Attacks
2025 was a year marked by a steady drumbeat of data breaches, leaks, ransomware attacks, digital extortion cases, and state-sponsored attacks that have unfortunately become a backdrop of daily life. From high-profile hacks of major corporations to breaches of government agencies, this year saw a significant increase in the number and severity of cyber attacks. In this article, we'll take a comprehensive look at the worst hacks of 2025, exploring the causes, consequences, and implications of these attacks.
Salesforce Integrations: A Breach of Third-Party Contractor Integrations
One of the most significant breaches of 2025 was the attack on Salesforce integrations. Attackers grabbed data from the sales management giant Salesforce in at least two breaches, but they didn't compromise Salesforce directly. Instead, they breached third-party Salesforce contractor integrations, including those of Gainsight and Salesloft. Google's Threat Intelligence Group published findings about the spree in August, saying that some Google Workspace data had been compromised as part of the breach of the sales and marketing platform Salesloft Drift.
The incident was not a direct hack of Google Workspace, but it represented a rare instance in recent years of Alphabet customer data being exposed. Other impacted companies include Cloudflare, Docusign, Verizon, Workday, Cisco, LinkedIn, Bugcrowd, Proofpoint, GitLab, SonicWall, Adidas, Louis Vuitton, and Chanel. The credit bureau TransUnion also had a breach apparently tied to the situation that exposed the information of 4.4 million people, including names and Social Security numbers.
Clop's Oracle E-Business Hacking Spree
The ransomware group Clop is known for carrying out mass exploitation of vulnerabilities for data breaches and extortion attacks. Its rampages in recent years had huge numbers of victims at both private companies and government agencies. This year, the group did it again, exploiting a vulnerability in Oracle's E-Business internal management platform to steal data from numerous companies and organizations.
As part of the spree, Clop was able to steal employee data from multiple companies, including the personal information of executives, and used it to send emails and other threatening communications to senior employees as part of demands for millions of dollars in ransom to delete the data instead of publishing it. Oracle scrambled to patch the vulnerability at the beginning of October, but Clop had already been exploiting it to steal data from hospitals and health care groups, media companies like The Washington Post, and universities like the University of Pennsylvania.
University Breaches: A Year of Phishing Attacks
The University of Pennsylvania publicly disclosed a data breach at the beginning of November that took place at the end of October, impacting personal data—some of it years or decades old—of students, alumni, and donors. The data also included internal university documents and some financial information. The incident was the result of a phishing attack; the hacker sent email blasts to students and alumni describing Penn as “woke” and saying that the school prioritizes “legacies, donors and unqualified affirmative action admits.”
Harvard said in a November statement that the systems of its Alumni Affairs and Development office had been breached via a “phone-based phishing attack.” The incident involved personal information of alumni, their partners, Harvard donors, parents of current and former students, some current students, and some faculty and staff. The data included email addresses, phone numbers, physical addresses, event attendance records, information about donations to the university and other fundraising details.
Aflac: A Data Breach of Epic Proportions
The US insurance company Aflac disclosed a data breach in June that it said impacted customer Social Security numbers and health details, but it did not disclose the number of victims. On December 19, the company clarified that it is now notifying about 22.65 million people that their data was stolen in the breach. Legally required notifications under state data breach laws, including in Texas and Iowa, indicate that the stolen data includes names, contact information, dates of birth, Social Security numbers, tax ID numbers, health information, medical record numbers, dates of service with medical providers, and health insurance ID numbers.
Mixpanel: A Breach of Web App Analytics Company
The web app analytics company Mixpanel announced at the end of November that it had addressed a “security incident” it identified on November 8. The company said that it discovered the situation after detecting a “smishing campaign” or SMS phishing attack that apparently led to a breach. Mixpanel said at the time that it had notified all of its impacted customers, but the company did not say how many customers were affected or provide a sense of scale for the situation.
Jaguar Land Rover: A Cyberattack of Epic Proportions
A cyberattack at the end of the summer against global car giant Jaguar Land Rover caused weeks of stalled production at factories across the United Kingdom that normally churn out an estimated 1,000 vehicles per day. The situation also created gridlock across JLR's massive supply chain. The UK government admitted in September that the attack had a “significant impact” on the company and on the “wider automotive supply chain.” Reports claimed that JLR may have been losing up to £50 million ($67 million) per week during the shutdown.
Honorable Mention: A Bunch of US Government Breaches
Though it wasn't an all-time brutal year for US government breaches, that's not saying much. A Treasury breach at the very end of 2024 perpetrated by China led into exploitation of a Microsoft SharePoint vulnerability in 2025, including exploitation by alleged Chinese actors. The National Nuclear Security Administration within the Department of Energy suffered a compromise in this campaign. Meanwhile, a breach of the US Courts records system that may have been perpetrated by Russia revealed extremely sensitive information, including sealed documents. And the United States Congressional Budget Office was hacked in November.
Conclusion
As we look to the future, it's clear that the threat of cyber attacks will only continue to grow, and it's up to us to stay vigilant and take steps to protect ourselves and our organizations from these threats.
In the coming year, we can expect to see even more sophisticated and targeted attacks, as well as increased use of artificial intelligence and machine learning to carry out these attacks. It's essential that we stay ahead of the curve and invest in the latest security technologies and best practices to protect ourselves and our organizations.
Ultimately, the key to preventing cyber attacks is to stay informed, stay vigilant, and take proactive steps to protect ourselves and our organizations. By working together, we can create a safer and more secure online environment for everyone.




