5 Biggest Cyberattacks of 2025
The 5 Biggest Cyberattacks of 2025 So Far + Key Takeaways For Businesses
2025 has had a turbulent start in the cyber security world. Last year, we saw some of the biggest and most damaging data breaches ever – and unfortunately this year seems to be travelling on the same trajectory. We’ve already had multiple high-profile organisations in the headlines after experiencing significant data breaches.
In this article, we’ll explore the five most impactful cyberattacks of 2025 so far, detailing how each attack happened and providing key takeaways for businesses.
#1 Marks & Spencer Cyber Attack
Marks & Spencer faced a significant ransomware attack in April 2025, which made headlines for multiple days throughout April and May.
The attackers, identified as the Scattered Spider group, had breached M&S’s systems as early as February 2025. They stole the NTDS.dit file, a critical component of Windows Active Directory that contains hashed credentials, allowing them to crack the passwords offline and gain access across the network. Using social engineering, including phishing and multi-factor authentication (MFA) fatigue attacks, they deployed DragonForce ransomware on April 24th, targeting M&S’s virtual servers. This encrypted virtual machines, disrupting online orders, contactless payments, and other services.
M&S did not realise they had been breached until they uncovered issues with their systems and received customer complaints at the end of April; they later officially confirmed a cyber incident. M&S responded by taking some IT systems offline, including all online orders and recruitment, and worked to restore services while strengthening their cybersecurity measures. This resulted in weeks of empty shelves while they brought their operations and systems back to normal.
Key Takeaway: Regular security audits and monitoring, employee education and robust MFA can all help prevent attacks like this one.
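The M&S chain above leaves two signals that a monitoring team can watch for cheaply: a process other than the LSA reading NTDS.dit on a domain controller, and a burst of rejected MFA pushes against one user followed by an approval. The following is an added detection example written for this article, not code from the article's author or from M&S; the log format, the sample events, the `lsass.exe` allow-list and the threshold/window values are all constructed assumptions to be tuned to your own telemetry.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not telemetry from any real incident): a timestamp, then pipe-separated key=value fields.
SAMPLE_LOGS = """\
2025-02-11T02:14:05|host=DC01|event=FileRead|user=SYSTEM|process=lsass.exe|path=C:\\Windows\\NTDS\\ntds.dit
2025-02-11T02:15:40|host=DC01|event=FileRead|user=svc_backup|process=ntdsutil.exe|path=C:\\Windows\\NTDS\\ntds.dit
2025-04-20T08:00:01|host=MFA|event=PushResult|user=j.smith|result=denied
2025-04-20T08:00:40|host=MFA|event=PushResult|user=j.smith|result=denied
2025-04-20T08:01:15|host=MFA|event=PushResult|user=j.smith|result=timeout
2025-04-20T08:03:30|host=MFA|event=PushResult|user=j.smith|result=approved
2025-04-20T09:10:00|host=MFA|event=PushResult|user=a.jones|result=denied
2025-04-20T09:55:00|host=MFA|event=PushResult|user=a.jones|result=denied
"""

def parse_logs(text):
    """Turn each non-empty line into a dict: parsed 'ts' plus the key=value fields."""
    events = []
    for line in filter(None, text.splitlines()):
        ts, *fields = line.split("|")
        event = {"ts": datetime.fromisoformat(ts)}
        event.update(f.partition("=")[::2] for f in fields)  # (key, value) pairs
        events.append(event)
    return events

EXPECTED_NTDS_READERS = {"lsass.exe"}  # assumption: only LSA should hold the live AD database open

def detect_ntds_access(events):
    """Flag any read of ntds.dit by a process outside the expected set."""
    return [(e["host"], e["user"], e["process"]) for e in events
            if e.get("event") == "FileRead"
            and e.get("path", "").lower().endswith("ntds.dit")
            and e.get("process", "").lower() not in EXPECTED_NTDS_READERS]

def detect_mfa_fatigue(events, threshold=3, window=timedelta(minutes=10)):
    """Return {user: approved_in_burst} for users with `threshold` or more denied or
    timed-out pushes inside a sliding `window`; True means they eventually approved."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("event") == "PushResult":
            by_user[e["user"]].append((e["ts"], e["result"]))
    flagged = {}
    for user, pushes in by_user.items():
        pushes.sort()
        for i, (start, _) in enumerate(pushes):
            burst = [r for t, r in pushes[i:] if t - start <= window]
            if sum(r in ("denied", "timeout") for r in burst) >= threshold:
                flagged[user] = "approved" in burst
                break
    return flagged
```

A user flagged with `True` (rejections followed by an approval inside the window) is the case that deserves immediate follow-up, since it matches the outcome an MFA fatigue attack is aiming for.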
#2 Legal Aid Data Breach
The Legal Aid Agency experienced a severe data breach in April 2025, exposing sensitive information of millions of individuals who had applied for legal aid since 2010.
The Ministry of Justice detected a cyber attack on the Legal Aid Agency’s systems on Wednesday 23rd April, but didn’t publicly confirm a cyber attack until a week later. They later stated that the attack was much more extensive than they originally realised.
The breach was attributed to long-standing poor cybersecurity practices, including outdated software, lack of encryption, and insufficient access controls. Attackers exploited these vulnerabilities in the agency’s digital service platform, gaining access through a weak entry point in the web application firewall. This allowed them to download a significant amount of personal data, including contact details, national ID numbers, criminal history, employment status, and financial information. Several solicitors and legal organisations have warned their clients to be alert for suspicious activity and stay vigilant, as the stolen data can be used in future social engineering attacks.
The Ministry of Justice is working with the National Crime Agency and the National Cyber Security Centre to investigate the breach and support affected individuals.
Key Takeaway: Keeping on top of your cyber security with regular updates and patches, strong encryption, and robust access controls is essential to protect sensitive data.
#3 Google Supply Chain Attack
In a sophisticated supply chain attack, cybercriminals targeted a third-party supplier to gain access to Google’s network. The attackers exploited vulnerabilities in the supplier’s software, specifically targeting Chrome browser extensions. They began by sending phishing emails to Chrome extension developers, impersonating Google Chrome Web Store support. These emails claimed that the developer’s extension violated store policies and was at risk of removal. Once the developers clicked the embedded link, they were led to a legitimate Google OAuth authorisation page for a malicious application named “Privacy Policy Extension”. Once authorised, the attackers gained full access to publish new versions of the targeted extensions, injecting malicious code into legitimate extensions. This code communicated with command-and-control servers and harvested sensitive user data.
Google’s response involved enhancing their security protocols, conducting a thorough investigation, and working closely with the supplier to prevent future incidents.
Key Takeaway: This attack underscores the importance of securing every link in the supply chain to protect against cyber threats.
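Because the attackers published new versions through the developers’ own granted access, the store-side copy is the artefact worth checking. The following added example (not code from the article or from Google) compares a constructed “what we built” bundle with a constructed “what the store now serves” bundle and reports file changes and newly gained manifest permissions; the file contents and sample manifests are assumptions, though `permissions` and `host_permissions` are real Manifest V3 keys.

```python
import hashlib
import json

# Constructed release artefacts (not from any real extension): file name -> content.
BUILT = {
    "manifest.json": json.dumps({"name": "Demo Ext", "version": "1.4.0",
                                 "permissions": ["storage"],
                                 "host_permissions": ["https://app.example/*"]}),
    "background.js": "chrome.runtime.onInstalled.addListener(() => console.log('ready'));",
}
PUBLISHED = {
    "manifest.json": json.dumps({"name": "Demo Ext", "version": "1.4.1",
                                 "permissions": ["storage", "cookies"],
                                 "host_permissions": ["<all_urls>"]}),
    "background.js": "chrome.runtime.onInstalled.addListener(() => console.log('ready'));\n"
                     "/* extra code that is not in the repository */",
    "worker.js": "/* file that was never part of the build */",
}

def digest(content):
    """SHA-256 of a file's content, so comparisons do not depend on size or timestamps."""
    return hashlib.sha256(content.encode()).hexdigest()

def compare_release(built, published):
    """Return findings describing how the published bundle differs from what was built."""
    findings = []
    for name in sorted(set(built) | set(published)):
        if name not in built:
            findings.append(f"added file: {name}")
        elif name not in published:
            findings.append(f"missing file: {name}")
        elif digest(built[name]) != digest(published[name]):
            findings.append(f"modified file: {name}")
    bm, pm = json.loads(built["manifest.json"]), json.loads(published["manifest.json"])
    # Permissions the store copy has that the build did not request are the loudest signal.
    for key in ("permissions", "host_permissions"):
        gained = set(pm.get(key, [])) - set(bm.get(key, []))
        if gained:
            findings.append(f"new {key}: {sorted(gained)}")
    if pm.get("version") != bm.get("version"):
        findings.append(f"version changed: {bm.get('version')} -> {pm.get('version')}")
    return findings
```

Run this against the bundle your pipeline uploaded and the bundle the store currently serves; any finding on a version you did not publish yourself is grounds to revoke OAuth grants and pull the listing.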
#4 Coinbase Ransomware Attack
Coinbase, a leading cryptocurrency exchange, fell victim to a ransomware attack in May 2025. Hackers bribed overseas support agents to steal customer data, including names, addresses, phone numbers, and masked bank account numbers. The attackers demanded a $20 million ransom, which Coinbase refused to pay. Instead, Coinbase terminated the employment of the involved support agents and contractors, enhanced fraud monitoring protections, and established a reward fund for information leading to the arrest of the criminals. This incident highlights the risks of insider threats and the importance of robust security measures.
Key Takeaway: Implementing a zero-trust cybersecurity model and monitoring insider activities can mitigate the risks of insider threats.
#5 WhatsApp Spyware Hack
WhatsApp users were targeted by a zero-click spyware attack in early 2025. Spyware is a type of malicious software designed to infiltrate a device without user interaction and gather sensitive information. The spyware, attributed to the Israeli firm Paragon, required no user interaction to compromise devices. It targeted journalists and members of civil society, accessing messages and other sensitive data. The attack involved a malicious PDF file sent to individuals after they were added to WhatsApp group chats. Meta, the parent company of WhatsApp, responded by notifying affected users and enhancing security measures. This attack emphasises the need for continuous vigilance and advanced security solutions to protect against sophisticated threats.
Key Takeaway: Regularly updating software and educating users about the risks of zero-click attacks can help protect against spyware.
Conclusion
The cyberattacks and data breaches we’ve seen so far in 2025 serve as stark reminders of the evolving threats we’re all facing. There’s a lot for businesses to learn from these attacks – and it’s important that we use them as an opportunity to review and update our cybersecurity practices to avoid becoming the next victim.
If you’d like to understand how we can help your business with its cybersecurity, please get in touch.