In 2025, cyberattacks became more personal, more targeted, and far more dangerous than before. Global security reports show an increase in AI-driven attacks, particularly in phishing, ransomware, and supply chain breaches.
What makes these threats especially challenging is the use of generative AI to create highly convincing phishing content and to automate malware deployment at a larger scale. This shift has made even well-defended businesses vulnerable, including those in critical sectors like healthcare, finance, and energy.
In this article, we will examine which industries were most affected in 2025, analyze the ten most impactful cyber incidents of the year, and discuss the lessons these events leave behind.
Main Industries Affected by Cybersecurity Breaches in 2025
As we become more connected and reliant on digital systems, the risk of cyberattacks keeps growing. Some industries are hit harder than others, often because they handle sensitive data or keep essential parts of the economy running.
Manufacturing is among the top targets for cyberattacks in 2025. Industry experts have reported that out of 4,701 ransomware cases reported globally between January and September, about 50% struck critical infrastructure, and manufacturing was right at the center of it.
Additionally, cyberattacks on healthcare providers have continued to rise in 2025, putting hospitals and clinics under growing pressure. This year alone, confirmed and suspected ransomware attacks have exposed more than 7.4 million patient records. On average, ransom demands have ranged between USD 514,000 and USD 532,000, but for healthcare organizations the stakes are even higher. Sensitive medical data, life-critical systems, and the risk of regulatory penalties make every breach especially costly to recover from.
The financial sector also continues to be a prime target for cybercriminals in 2025. In just the first quarter of the year, nearly 31% of all phishing attacks were aimed at banks, payment platforms, and other financial institutions. Ransomware, stolen credentials, and business email compromise are still some of the most common tactics used against this industry. It’s a reminder of just how relentless and costly the threat landscape has become.
Retail and e-commerce have become a focus for attackers as well this year. A 2025 industry report notes that publicly disclosed ransomware attacks against retail surged by 58% in just a few months. Business interruptions, data breaches and reputational damage suggest that the financial impact of an attack can be considerable, especially for large online platforms.
The 5 biggest Cyber-Attacks in 2025
From ransomware crippling hospitals to data breaches at major tech providers, this year’s cyberattacks have been a loud wake-up call. They’ve exposed just how vulnerable even the most trusted systems can be and why resilience, awareness, and strong cybersecurity strategies are indispensable.
Below, we’ll discuss ten of the most significant cyber incidents that have shaped the landscape in 2025.
1. PowerSchool Attack, Early 2025
In early January, PowerSchool, a widely used platform in K–12 schools, confirmed that hackers had stolen personal data belonging to both students and teachers. While the company says most of the exposed information includes names and contact details, the impact goes deeper for some districts. In certain cases, the stolen data may also include Social Security numbers, medical records, academic grades, and other personally identifiable information.
The hacker behind the attack claims to have accessed sensitive data on more than 62 million students and 9.5 million teachers, and has issued an extortion demand in exchange for not leaking the information.
| Type of Attack | Credential-Based Attack (Credential Stuffing) |
| Scope of Impact | Approximately 62 million students and 9.5 million teachers across the United States. |
| Data Compromised | Sensitive personal information, including student grades, medical records, and Social Security numbers. |
| Cause | The breach originated from the use of a single compromised credential, which granted unauthorized access to the organization’s customer support portal. This access enabled attackers to infiltrate the broader school information system and exfiltrate large volumes of sensitive data. |
2. 10.5 million Records Exposed in Conduent Data Breach
In January 2025, Conduent revealed it had fallen victim to a massive data breach that affected more than 10.5 million people across the U.S. The attackers had quietly infiltrated the company’s network months earlier, back in October 2024, but it wasn’t until mid-January that Conduent uncovered the breach.
By then, the damage was already done. Hackers had stolen an estimated 8.5 terabytes of sensitive information, including names, Social Security numbers, birthdates, home addresses, and even details about health and insurance records. Conduent has since brought its systems back online and alerted both law enforcement and the affected individuals.
| Type of Attack | Phishing |
| Scope of Impact | More than 10.5 million US businesses and residents affected. |
| Data Compromised | Names, Social Security numbers, dates of birth, residential addresses. |
| Cause | Employees were manipulated into disclosing their login credentials, which allowed attackers to gain unauthorized access to the company’s internal network. |
3. Bybit Data Breach, Alarming Crypto Heist
On February 21, 2025, Bybit found itself at the center of one of the largest crypto heists in history. In a matter of minutes, hackers drained one of the exchange’s cold wallets, walking away with around 400,000 ETH (worth an astonishing $1.5 billion at the time). The funds were quietly moved to untraceable addresses, leaving the crypto world stunned.
Investigators later revealed that the attackers had compromised a developer’s workstation linked to a third-party wallet provider, Safe{Wallet}. During what should’ve been a routine transaction, the attackers manipulated the wallet interface to generate legitimate-looking signatures, effectively tricking the system into approving their own malicious transfer.
| Type of Attack | Supply Chain Compromise (possibly with elements of Man-in-the-Application (MitA) tactics) |
| Scope of Impact | Approximately $1.5 billion in cryptocurrency was stolen during the attack. |
| Data Compromised | 400,000 ETH (ether), cryptocurrency. |
| Cause | The attacker most likely broke into the development system, changed a software update, or used a weak spot in a third-party tool. They changed the way the interface worked so that the user or system unknowingly approved a fake transaction. Because everything looked normal, the system thought the transaction was real and let it go through without any warning. |
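One defensive pattern against the interface manipulation described above, shown as an added example (not code from Bybit, Safe{Wallet}, or this article): the signer's own device recomputes the digest from the transaction the operator intended and refuses to sign if the interface presents a different one. The addresses, field names, limit, and the SHA-256-over-JSON digest are assumptions standing in for the real chain encoding.

```python
import hashlib
import hmac
import json

# Constructed policy for illustration: where this cold wallet may send funds, and how much.
ALLOWED_DESTINATIONS = {"0xWARM-WALLET-EXAMPLE"}
MAX_VALUE = 1_000


def canonical_digest(tx: dict) -> str:
    """Hash every field that affects execution, in one fixed encoding.
    Assumption: SHA-256 over sorted JSON stands in for the chain's real signing hash."""
    encoded = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def review_signing_request(intended_tx: dict, digest_from_interface: str) -> list:
    """Run on the signer's own device. Returns reasons to refuse; empty means sign."""
    reasons = []
    if intended_tx["to"] not in ALLOWED_DESTINATIONS:
        reasons.append("destination not on allowlist")
    if intended_tx["value"] > MAX_VALUE:
        reasons.append("value above per-transaction limit")
    # The interface is untrusted: recompute the digest locally and compare.
    if not hmac.compare_digest(canonical_digest(intended_tx), digest_from_interface):
        reasons.append("interface digest does not match intended transaction")
    return reasons


# Constructed sample data: what the operator approved out of band ...
INTENDED = {"to": "0xWARM-WALLET-EXAMPLE", "value": 100, "nonce": 7}
# ... and what a manipulated interface actually asks the device to sign.
TAMPERED = {"to": "0xUNKNOWN-EXAMPLE", "value": 100, "nonce": 7}

if __name__ == "__main__":
    print("honest interface  :", review_signing_request(INTENDED, canonical_digest(INTENDED)))
    print("tampered interface:", review_signing_request(INTENDED, canonical_digest(TAMPERED)))
```

The check only helps if the intended transaction reaches the signer through a channel the wallet interface cannot alter.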
4. Marks & Spencer (M&S), Roughly £300 million in Losses
Over the Easter weekend in April, Marks & Spencer (M&S) was hit by a major cyberattack that brought key parts of its business to a standstill. The attackers, believed to be the group known as Scattered Spider, gained access through a third-party contractor by using social engineering tactics. Once inside, they managed to shut down M&S’s online shopping systems, including Click & Collect and fashion sales, for nearly six weeks.
With Easter being a crucial retail period, the disruption is estimated to have cost the company up to £300 million in lost revenue. The same group is also believed to have targeted other retailers, including Coop, raising broader concerns across the sector.
| Type of Attack | Ransomware (through Social Engineering tactics) |
| Scope of Impact | Approximately £300 million in revenue losses. |
| Data Compromised | Names, home addresses, phone numbers, email addresses, dates of birth, and online order histories. |
| Cause | The attackers contacted help desks by phone, impersonating internal support staff and convincing third-party contractors to authorize password resets. These credentials granted access to critical M&S systems, despite multi-factor authentication being in place. |
5. Qantas Data Leak Affects Over 5 million Individuals
In a breach that shook Australia’s national airline, a hacking group calling itself Scattered Lapsus$ Hunters released the personal data of around 5 million Qantas customers on the dark web. All because a ransom deadline came and went without payment.
The data was traced back to a June 2025 breach of a third-party contact center platform connected to Salesforce, revealing just how vulnerable even trusted partners can be. The exposed information includes names, email addresses, phone numbers, birthdates, and frequent-flyer numbers. Fortunately, no passport or financial data was reportedly involved.
| Type of Attack | Ransomware (Third-Party Data Breach) |
| Scope of Impact | Around 5.7 million customer records. |
| Data Compromised | Names, email addresses, phone numbers, dates of birth, and Frequent Flyer details. |
| Cause | The breach occurred when attackers gained access to a third-party customer service platform used by Qantas’s contact center. As a result, sensitive customer data was compromised. |
Key Takeaways from These Cyber-Attacks
After a year of high-profile breaches, we’ve learned that cyber risk is no longer an edge case. It’s everywhere. And while the damage often grabs headlines, the deeper value lies in what these incidents can teach us.
- Reducing the Risk of Compromised Login Information – Employees should use complex, unique passwords for every account and manage them through secure, enterprise-grade password vaults. Additionally, you can implement a strong Identity and Access Management (IAM) framework. Make sure all access permissions are role-based and regularly audited.
- Best Practices for Avoiding Phishing – Technology alone cannot prevent phishing. Human awareness must be part of your cybersecurity strategy. You should provide ongoing social engineering testing to help employees identify suspicious emails, links, attachments, and impersonation tactics.
- Prevent Man-in-the-Middle Attacks or Interface Manipulation – To stop attackers from spying on or changing your data during transmission, use secure encryption methods like TLS with certificate checks. Also, follow a Zero Trust approach, which means always verifying who is trying to access your systems and what they’re trying to do, no matter where they’re coming from. A good SOC strategy can help with this.
- Prevent Ransomware Through Social Engineering Awareness – Ransomware often begins with a simple mistake, such as an employee unknowingly clicking a malicious link or trusting a fake support request. Regular training helps staff recognize these tactics before damage is done. Building awareness across your organization is one of the most effective ways to stop ransomware before it ever takes hold.
- Reducing Ransomware Risk from Third-Party Vendors – Third-party vendors can become the weakest link in your cybersecurity chain if you don’t properly verify them. To reduce ransomware risk, limit their access to only what’s necessary, assess their security posture regularly, and enforce clear standards from the start.
Mitigate Cybersecurity Risks with CyberGlobal’s Market-Leading Services
Data breaches continue to rise in both frequency and impact, affecting millions of individuals each year. Cybercriminals target organizations of all sizes, industries, and locations, meaning that no one is safe. However, proactive measures can significantly reduce exposure and mitigate the risks associated with these attacks.
At CyberGlobal, helping businesses stay ahead of threats is our core mission.
Our team of cybersecurity professionals continually develops and deploys advanced technologies to address both current and emerging risks. We’re proud to serve global enterprises like Mercedes-Benz, Red Bull, and Emirates NBD, but our services are not limited to large corporations. Through our expanding network of franchise partners, we deliver scalable, enterprise-grade cybersecurity services to small and mid-sized businesses worldwide.
Our portfolio includes:
Each service is customizable to fit your organization’s specific needs. We begin by understanding your current security posture, identifying areas of risk, and collaborating with you to design a strategy that aligns with your business goals.
But what sets us apart is our commitment to partnership.
Beyond providing technical solutions, we offer real human support, accessible, responsive, and tailored to your environment. At CyberGlobal, we work alongside you, not just as a service provider, but as an extension of your team.
If you’re looking to strengthen your cybersecurity posture and protect what matters most, our team is here to help you do it, with confidence, clarity, and professionalism.