It was an unusual year in the cybersecurity landscape as the United States saw significant political developments under President Donald Trump. Against this backdrop, constant data breaches, ransomware incidents, and state-sponsored cyberattacks became the norm in 2025.
Salesforce Breaches
In a notable breach involving Salesforce, attackers accessed data not directly through Salesforce itself, but via third-party integrations like Gainsight and Salesloft. Google’s Threat Intelligence Group revealed that Google Workspace data was also compromised as a result. Various other companies, including Cloudflare, Verizon, and LinkedIn, had their data exposed. A group dubbed Scattered Lapsus$ Hunters likely orchestrated this campaign, which also led to the leak of information on over 4.4 million individuals from TransUnion due to its connections with the breaches.
Ransomware Attacks by Clop
The ransomware group Clop exploited a weakness in Oracle’s E-Business Suite, targeting numerous organizations by stealing sensitive employee data and demanding ransom. Affected entities included hospitals and universities like the University of Pennsylvania, which suffered a similar phishing-related breach that exposed sensitive alumni and donor information.
University Cyber Attacks
In November, the University of Pennsylvania reported a breach impacting decades’ worth of personal data from students and alumni, allegedly linked to an attacker posing as an activist. Nearby, Harvard experienced a phone-based phishing incident that compromised sensitive data across broad demographics, while Princeton faced a similar breach. Other universities, including New York University and Columbia University, also reported security incidents throughout the year.
Aflac’s Data Breach
The insurance company Aflac notified millions of customers about a breach that was initially undisclosed but later impacted around 22.65 million individuals. The stolen information included Social Security numbers, health records, and personal details, and the company is believed to have been targeted by a known cybercriminal organization.
Mixpanel Incident
The web analytics firm Mixpanel suffered a security incident attributed to a "smishing" attack that compromised customer data. Notably, OpenAI identified itself among the impacted companies, revealing that data from some users had been breached.
Jaguar Land Rover Attack
A severe cyberattack on Jaguar Land Rover significantly disrupted production across the UK, leading to massive financial losses and major supply chain complications. The exact perpetrators remain unidentified, but the attack’s impact was felt industry-wide.
Government Breaches
The year also witnessed multiple breaches within U.S. government agencies. A significant breach at the Treasury Department, linked to alleged Chinese actors, transitioned into exploitation of vulnerabilities in Microsoft SharePoint. Other governmental cybersecurity incidents led to the exposure of sensitive information and had substantial implications for U.S. cybersecurity.
As 2025 closed, these incidents represented the continually evolving landscape of cybersecurity threats, necessitating ongoing vigilance and adaptation in protecting sensitive data.