tl;dr
In May 2025, numerous cyberattacks and data breaches affected global companies and government agencies across sectors including technology, finance, retail, manufacturing, and government. Major incidents included Meta’s exposure of 1.2 billion user records, AT&T’s leak of 31 million customer records...
In May 2025, a series of significant cyberattacks and data breaches impacted a wide array of global companies and entities, ranging from tech giants to government agencies. The most prominent incident involved Meta (NASDAQ: META) in Menlo Park, California, where approximately 1.2 billion user records were scraped, exposing sensitive personal information including IDs, names, contacts, and locations.
Other major breaches included AT&T (NYSE: T) in Dallas, Texas, with 31 million customer records leaked, and Dell (NASDAQ: DELL) in Round Rock, Texas, where a customer portal attack potentially exposed 49 million home addresses and order details. Financial institutions were also affected; JPMorgan Chase (NYSE: JPM) disclosed a data breach dating back to 2021 affecting around 500,000 individuals.
In the UK, Co-operative Group Ltd (LSE: COOP) suffered a ransomware attack by the DragonForce group, compromising millions of member records, while Marks & Spencer (LSE: MRW) faced disruption in both online and in-store services attributed to social engineering by the Scattered Spider threat actor. Commvault (NASDAQ: CVLT) experienced a cloud SaaS platform attack that could have compromised clients' Microsoft 365 services via vulnerability CVE-2025-3928.
Retail giant Victoria's Secret (a division of L Brands, NASDAQ: LB) temporarily took down its US website and limited in-store services following an undisclosed security incident. Manufacturing was not spared; Nucor Corporation (NYSE: NUC) in Charlotte, North Carolina, halted production after unauthorized access.
Internationally, the Czech Ministry of Foreign Affairs suffered a cyberattack attributed to the Chinese state-sponsored group APT31, targeting unclassified communications. Additionally, a massive password leak affected over 184 million records globally, exposing passwords and emails connected to multiple major tech firms, banks, and government agencies. This widespread breach involved companies such as Apple (NASDAQ: AAPL), Google (NASDAQ: GOOGL), Microsoft (NASDAQ: MSFT), Bank of America (NYSE: BAC), and Wells Fargo (NYSE: WFC).
This spate of cyber incidents underscores the increasing sophistication and scale of cyber threats across sectors. Affected industries include technology, finance, retail, manufacturing, and government, demonstrating the pervasive risk environment currently facing global enterprises. Analysts emphasize the critical need for enhanced cybersecurity protocols, continuous vulnerability assessments, and robust incident response strategies to mitigate future risks.
In summary, key entities impacted in May 2025 include:
• Tech Giants: Meta (META), Apple (AAPL), Google (GOOGL), Microsoft (MSFT)
• Financial Institutions: JPMorgan Chase (JPM), Bank of America (BAC), Wells Fargo (WFC)
• Retailers: Victoria's Secret (L Brands, LB), Marks & Spencer (MRW)
• Manufacturing: Nucor Corporation (NUC)
• Government Agencies: Czech Ministry of Foreign Affairs (N/A), NATO (N/A)
• Other Notables: Dell (DELL), AT&T (T), Co-operative Group (COOP), Commvault (CVLT)
These events highlight not only the vulnerabilities present within various digital infrastructures but also the imperative for ongoing vigilance and innovation in cybersecurity defenses as the digital landscape continues to evolve.