Major Data Breaches and Attack Trends in 2025
The year 2025 saw a significant escalation in the scale and sophistication of data breaches worldwide, with attackers leveraging advanced tools such as AI-driven phishing, deepfakes, and automated intrusions. High-profile incidents included the compromise of billions of credentials from tech giants, targeted attacks on airlines and telecoms, and the exposure of sensitive customer data from major insurance companies like Aflac. Attack vectors evolved, with phishing, social engineering, supply-chain breaches, and cloud misconfigurations becoming increasingly prevalent. The financial impact of these breaches was substantial, with average costs per incident rising and global cybercrime losses projected to exceed $10 trillion. Notably, the Aflac breach in June 2025 exposed personal and health data of over 22 million individuals, attributed to the Scattered Spider group, prompting the company to enhance security measures and offer extended identity protection services to affected parties.
Industry analysis highlighted the dual use of AI by both attackers and defenders, the growing threat of supply-chain and cloud-based attacks, and the persistent challenge of credential theft. The insurance sector, in particular, faced coordinated campaigns, with similar breaches reported at other firms. Organizations responded by resetting credentials, increasing monitoring, and providing support to victims, while regulatory scrutiny and legal actions intensified. The events of 2025 underscored the urgent need for robust security practices, rapid incident response, and proactive threat intelligence to mitigate the evolving risks posed by increasingly resourceful adversaries.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Class-action lawsuit alleges Aflac failed to protect data
A class-action lawsuit was filed alleging Aflac used inadequate data protection measures in connection with the breach. The legal action followed public disclosure of the incident's scale and sensitivity.
Scattered Spider suspected in Aflac breach
Reporting on the incident said the threat actor was believed to be Scattered Spider, a group known for social-engineering attacks against insurance companies. This attribution emerged as part of the public understanding of the breach.
Aflac notifies states and offers identity and medical fraud protection
After confirming the scope, Aflac sent notifications to affected states and offered 24 months of free identity theft and medical fraud protection to impacted people. The company said no confirmed fraudulent activity had been identified at that time.
Aflac confirms full scope of breach affecting 22.65 million people
By December 2025, Aflac confirmed the breach impacted 22.65 million individuals. Exposed data included combinations of Social Security numbers, names, addresses, government IDs, driver's license details, and medical claims information.
Aflac resets credentials and enhances monitoring after breach
Following containment, Aflac responded by resetting credentials, strengthening monitoring, and preparing support measures for affected individuals. The company also determined that no ransomware was involved in the incident.
Aflac detects and contains June 2025 data breach
Aflac detected and contained a significant intrusion on June 12, 2025. The incident affected customers, beneficiaries, employees, and agents, and exposed personal and health-related information.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Major Cybersecurity Trends and Incidents in 2025
The cybersecurity landscape in 2025 was marked by a series of high-impact incidents and evolving threat trends, with identity-driven intrusions, large-scale breaches, and record-breaking DDoS attacks dominating the year. Notable breaches at organizations such as Ingram Micro, Conduent, and Kettering Health resulted in hundreds of millions of dollars in losses, with regulatory filings and industry analyses highlighting the significant operational and financial impacts. Attackers increasingly exploited known vulnerabilities, with the CISA Known Exploited Vulnerabilities (KEV) catalog serving as a critical indicator of attacker intent, and legacy flaws resurfacing as major risk factors. The year also saw a strategic shift in security operations, with organizations prioritizing risk-based decision-making over exhaustive control coverage, and automation and real-time intelligence becoming essential for defense. DDoS attacks reached unprecedented scales, with Cloudflare reporting attacks peaking at 31 Tbps and the emergence of massive botnets like Aisuru. These attacks were often used as smokescreens for deeper intrusions, and the growing sophistication and speed of DDoS campaigns rendered traditional scrubbing-center defenses increasingly obsolete. Geopolitical tensions further shaped the threat landscape, with critical infrastructure and sectors such as gaming and gambling frequently targeted. The industry’s response emphasized the need for adaptive, globally distributed mitigation strategies and highlighted the importance of governance, consent management, and just-in-time administration to separate resilient organizations from those more vulnerable to systemic risk.
Mar 21, 2026
Major Cybersecurity Incidents and Threat Trends of 2025
The cybersecurity landscape in 2025 was marked by a series of high-profile breaches, advanced persistent threat (APT) campaigns, and evolving tactics by both cybercriminals and state-linked actors. Notable incidents included the PornHub data breach, where the ShinyHunters group exfiltrated and extorted sensitive user activity data, and the Knownsec leak, which exposed the espionage tools and global targeting strategies of a major Chinese cybersecurity firm. Supply-chain attacks continued to proliferate, with attackers compromising widely used software libraries and cloud services, impacting thousands of organizations and individuals. The year also saw a surge in sophisticated social engineering campaigns, such as ClickFix attacks, and a significant number of APT operations targeting government and military institutions, particularly in South and East Asia. Cloud service outages, such as the prolonged AWS disruption, highlighted the dependency of IoT and critical infrastructure on cloud reliability, causing widespread operational impacts. The threat actor ecosystem became more industrialized, leveraging AI, ransomware-as-a-service, and multi-stage attacks to increase scale and efficiency. Cryptocurrency platforms suffered major heists, and new vulnerabilities like MongoBleed were rapidly exploited in the wild. The cumulative effect of these incidents underscored the need for robust supply-chain security, improved cloud resilience, and enhanced detection and response capabilities against both opportunistic and targeted attacks.
Mar 21, 2026
Trends and Challenges in Cybersecurity for 2025-2026
Cybersecurity experts and industry reports highlight evolving threats and persistent challenges as organizations prepare for 2026. Attackers are increasingly exploiting misconfigurations, leveraging AI-driven social engineering, and taking advantage of complex, rapidly changing cloud environments. Despite technological advancements, human error and configuration drift remain leading causes of breaches, with automation and policy enforcement recommended as key mitigations. The financial services sector, while showing improved prevention effectiveness due to regulatory pressure and investment, still faces critical weaknesses at specific attack stages, underscoring the need for continuous validation and adaptive controls. Industry commentary and newsletters reflect on the rapid pace of change, with significant M&A activity, the growing impact of AI on cybersecurity strategies, and ongoing struggles with vulnerability management and software supply chain security. The sector is urged to address these systemic issues by adopting risk-based approaches, improving transparency, and integrating new frameworks such as the OWASP Agentic AI Top 10. As organizations look ahead, the consensus is that while progress is being made, the threat landscape is becoming more sophisticated, requiring ongoing vigilance and innovation.
Mar 21, 2026