Ten cyberattacks and data leaks in the world that marked 2025

Each end of the year invites us to reflect on what happened, to analyze it and make decisions in the near future. Cybersecurity does not escape this reality. Below is a review by ESET of some of the most notable cyberattacks and leaks of 2025, to understand what the outlook was this year, and also what measures can be taken for a year that is about to begin.

The top 10 cyberattacks and data leaks that marked 2025:

1. China and the exposure of 4 billion records: China was the country hardest hit in what was one of the largest data breaches in history. A database of more than 630 gigabytes, left without any password protection, exposed more than 4 billion records: billions of documents containing personal and financial data, including WeChat and Alipay details, which were left open to the public.

The leak, which occurred in June, contained residential information, bank card numbers, dates of birth, names and telephone numbers. With this data, malicious actors could, for example, build detailed profiles of people’s consumption habits and economic situation. Although the database was taken down after the leak, the malicious actors behind the incident were never identified.

2. Data leak through McDonald’s chatbot: Artificial intelligence is now present in many processes and workflows of various companies. One example is McDonald’s, which through its chatbot Olivia (implemented by Paradox.ai) collects the resumes and personal information of people applying for job vacancies.

In June, Olivia became the gateway through which malicious actors could have accessed the information of 64 million applicants. Security researchers discovered a critical security flaw in this chatbot through a web page that restaurant owners could use to see all the information of people applying for vacancies. This page accepted “123456” as the administrator login credentials.

3. Scattered Lapsus$ Hunters exposes information of 5 million people: This cyberattack took place on June 30 and exposed the information of 5 million people. The victim was the Australian airline Qantas, which the cybercriminals managed to breach through the company’s customer service center in the Philippines. Those responsible were the cybercriminal group known as Scattered Lapsus$ Hunters.

Through this cyberattack, the attackers obtained sensitive information such as email addresses, dates of birth and telephone numbers, but did not access the victims’ financial or passport data. Qantas issued a statement in which it acknowledged the attack and urged its customers to watch for any misuse of their information.

Image caption: Special notice on the official website of Brussels Airport

4. The cyberattack that left shelves empty in the United States: United Natural Foods is one of the largest food distribution companies in the United States. In June it suffered a cyberattack that paralyzed a large part of its operations and left it unable to deliver products to its customers. The result was more than $400,000 in lost sales.

Specifically, the company detected unauthorized activity in some of its computer systems. To contain the incident and prevent it from spreading, it decided to take several critical systems offline, which clearly disrupted normal operations such as the ability to process orders and distribute merchandise. According to some media reports, the group behind this attack is Scattered Spider, a highly active group that has affected companies in the aviation, transportation and insurance sectors, among others.

5. A historic cyberattack against Brazil’s financial system: July will go down in the history of cyberattacks in Brazil, as the country suffered a critical attack on its financial system with losses of close to 150 million dollars.

The cyberattackers focused on C&M Software, a company that provides the technical infrastructure through which banks and other institutions connect to PIX and/or the Central Bank, and which they managed to breach by using compromised credentials. Once inside the system, they initiated various fraudulent transfers through PIX, emptying the reserves of the affected accounts and impacting at least six financial institutions. According to ESET, this case serves as an example of how a supply chain attack works, and of the consequences it can have when an organization does not exhaustively control the security of its own suppliers.

6. The ransomware that put PCM in check in Mexico: PCM is a Mexican company that supplies various products to large companies. In January it made the news after falling victim to a ransomware attack at the hands of RansomHub.

The cybercriminals managed to access 3 gigabytes of sensitive information, such as contracts with several of the aforementioned companies and other sensitive operational and communications data. After several warnings, they published everything they had obtained on the Dark Web. This is another example of how, through a supply chain attack, malicious actors target vulnerabilities in intermediate service providers in order to affect large multinational companies.

Image caption: RansomHub confirms the publication of the data obtained in the attack. Source: X (@ivillasenor).

7. Attack on the Prosecutor’s Office: In November, the Guanajuato Prosecutor’s Office suffered a cyberattack that exposed more than 250 gigabytes of confidential data, internal emails and sensitive files. The ransomware attack was claimed by the Tekir APT group, and not only did they access confidential information, but certain digital platforms, including some of the office’s internal services, were also affected.

On November 22, a statement from the Prosecutor’s Office admitted the cyberattack due to “an unauthorized intrusion of 1.7% of the agency’s total digital infrastructure.”

Image caption: Statement in which the Guanajuato Prosecutor’s Office admits having been attacked. Source: X (@VH_Aguilera).

8. Brazil and the ransomware that targeted oil: The ransomware attack by the Everest group on the renowned Brazilian oil company PetroBras during the month of November confirms, according to ESET, that Latin America was one of the favorite arenas for cybercriminals to carry out their malicious activities.

The loot consisted of confidential and sensitive industry data, such as ship coordinates, depth measurements and even seismic survey reports, amounting to more than 90 gigabytes of information. For its part, PetroBras denied that there had been a security incident in its systems and stated that the company’s confidential and strategic data remains safe.

9. An unprotected database exposes more than 184 million credentials: During the month of May, researcher Jeremiah Fowler discovered an unprotected, publicly accessible database containing more than 184 million access credentials for global services such as Google, Apple, Facebook, Instagram, Snapchat, Roblox and email providers. In total, the database held more than 47 GB of information, with no authentication or other security measures protecting it.

In addition, the records contained even more sensitive credentials: access to banks, financial platforms, health services and government portals in different countries. The most solid theory is that this data came from infostealers, a type of malware that infects computers and steals credentials directly from the browser, without the affected services having suffered any breach of their own.

10. The ransomware that stopped the operations of an airport: In September, several airports in Europe (Brussels, Heathrow and Berlin, in Ireland and Belgium) suffered a massive interruption in their check-in, boarding and baggage handling systems. What was initially reported as a “third-party vendor failure” was later confirmed to be a ransomware attack against the ARINC cMUSE software, a critical system developed by Collins Aerospace (an RTX subsidiary) and used by airlines and airports to manage essential operations.

The European Union Agency for Cybersecurity (ENISA) confirmed that it was a ransomware attack, and specialized media indicate that it could be related to the actions of ShinyHunters and Scattered Spider, cybercriminal gangs known for attacking critical infrastructure sectors, including the aviation industry. The impact was immediate and severe: Brussels canceled more than half of its scheduled flights (140 of 276), and other airports had to fall back on manual processes to check in passengers, handle luggage and manage boarding, causing delays that lasted for several days.

By Editor
