Summary
Total number of incidents disclosed: 29
Total number of known breached records: 14.9 million
Welcome to another monthly round-up of monthly cyber attack and data breach news. At least 29 publicly disclosed incidents were reported worldwide in July 2025, spanning sectors from retail and travel to telecoms, healthcare, government and cryptocurrency. Based on confirmed figures, a minimum of 14.9 million records were breached this month. This is a lower-bound figure, as several major incidents did not provide confirmed counts but likely involved significant volumes of personal data.
Top 5 incidents by number of records affected
- Records affected: 6.5 million (confirmed)
- Data: Names, addresses, emails and phone numbers of loyalty members
- Cause: Supply-chain breach of loyalty programme provider Azpiral in April; public disclosure in July
- Status: Confirmed update – initial public claim in May, formal disclosure in July; arrests made in connection with a wider retail hacking spree
- Records affected: Up to 6 million
- Data: Names, contact details, dates of birth, frequent-flyer numbers; no passwords or payment data
- Cause: Criminal access to a third-party contact-centre system; suspected Scattered Spider involvement
- Status: Confirmed; investigation ongoing; regulators and customers notified
- Records affected: Majority of 1.4 million
- Data: Customer and agent contact details and other PII; no passwords or financial data
- Cause: Breach of a cloud-based contract management/CRM platform on 16 July; ShinyHunters suspected
- Status: Confirmed; FBI notified; customer notifications under way
- Records affected: 72,000 images (including 13,000 ID/selfie verifications) and 1.1 million messages
- Data: Sensitive personal images, verification ID documents, private chat content
- Cause: Misconfigured cloud storage and exposed Firebase database exploited by attackers
- Status: Confirmed; FBI engaged; app taken offline; identity protection offered
- Records affected: 553,660
- Data: Names, Social Security numbers, dates of birth, and medical and financial information
- Cause: Network intrusion in December 2024; revised impact disclosed July 2025
- Status: Confirmed; affected individuals offered credit monitoring
Trends in July 2025
- Third-party exposure dominates large breaches
Qantas, Allianz Life and Co-op all suffered incidents rooted in vendor or partner systems. - Retail and consumer brands remain prime targets
Multiple global-brand breaches underscore retail’s continued risk profile. - Data theft without encryption persists
Several attacks, including those on Dell and Louis Vuitton, involved pure exfiltration with no ransomware deployment. - Supply-chain and developer ecosystem compromises
Toptal’s GitHub breach and malicious NPM package uploads highlight software-supply-chain risks. - Cloud misconfiguration still costly
Tea’s exposure of highly sensitive images and messages shows that mismanaged cloud storage can be as damaging as deliberate hacking.
Key vulnerabilities exploited
- Third-party system weaknesses
Compromises at loyalty providers, contact-centre platforms and CRM tools facilitated the largest confirmed breaches. - Supply-chain compromises
Incidents like Toptal’s NPM poisoning demonstrate how developer platforms can be leveraged to reach downstream targets. - Credential abuse/social engineering
Likely entry vector in cases such as Ingram Micro’s SafePay ransomware attack. - Cloud misconfiguration
Tea’s unsecured storage and database access enabled mass extraction of highly sensitive user data. - Zero-day exploitation
MOVEit-style file-transfer vulnerabilities remain in play, as suspected in the Allianz Life breach.
List of data breaches and cyber attacks disclosed in June 2025
| Disclosure date | Organisation | Country | Sector | Incident type | Records affected |
| 01/07/2025 | Kelly Benefits | USA | Insurance/HR | Data breach | 553,660 |
| 02/07/2025 | Qantas | Australia | Airline | Third-party (supply-chain) data breach | 6,000,000 customers |
| 02/07/2025 | Welthungerhilfe (WHH) | Germany | Humanitarian NGO | Ransomware (data theft) | Unknown |
| 02/07/2025 | IdeaLab | USA | Tech (R&D) | Ransomware (data theft) | Unknown (employees) |
| 03/07/2025 | Telefónica | Spain | Telecom | Data breach (disputed) | ~106 GB (claimed) |
| 03/07/2025 | Ingram Micro | Global (USA HQ) | IT Distribution | Ransomware (service outage) | Unknown |
| 08/07/2025 | Moviynt | USA | Software (SaaS) | Email account breach | Unknown |
| 08/07/2025 | Bitcoin Depot | USA | Financial (Crypto ATM) | Data breach (legacy) | 26,700 |
| 11/07/2025 | Albemarle County, VA | USA | Government (Local) | Ransomware (extortion) | ~26k+ (est.) |
| 16/07/2025 | Louis Vuitton | Multinational | Retail (Luxury) | Data breach (extortion) | “Multiple regions” (UK, EU & Asia clients) |
| 16/07/2025 | Co-op UK | United Kingdom | Retail (Consumer) | Data breach (ransomware) | 6,500,000 (loyalty members) |
| 16/07/2025 | Allianz Life | USA | Insurance | Third-party (software exploit) | “Majority of” 1.4 million |
| 17/07/2025 | US National Guard | USA | Government (Military) | Cyber espionage | Unknown |
| 17/07/2025 | BigONE Exchange | Seychelles | Crypto-currency | Hot wallet exploit | $27 million (crypto) |
| 18/07/2025 | WineLab (Russia) | Russia | Retail (Alcohol) | Ransomware | Unknown |
| 18/07/2025 | Singapore Critical Infrastructure | Singapore | Government/ Utilities | State-sponsored espionage | Unknown |
| 20/07/2025 | Dell Technologies | USA | Technology | Data extortion (no ransom) | 1.3 TB (mostly test data) |
| 22/07/2025 | Affidea Group | EU (multiple countries) | Healthcare (Imaging) | Cyber attack (IT disruption) | Unknown |
| 22/07/2025 | GMX DeFi Platform | Decentralized (N/A) | Crypto-currency (DeFi) | Smart contract exploit | $42 million |
| 23/07/2025 | Toptal (GitHub) | USA | Tech (Talent platform) | Account breach (supply-chain) | N/A |
| 24/07/2025 | Indian Council of Agricultural Research | India | Government (Research) | Cyber attack (data breach) | Unknown |
| 24/07/2025 | Steam (Early Access Game) | Global | Gaming | Supply-chain malware | N/A |
| 26/07/2025 | Tea | USA | Social Media (Dating) | Cloud data breach | 72,000 images1.1 M messages |
| 26/07/2025 | City of St. Paul | USA | Government (City) | Ransomware (data theft) | 43 GB (claimed; city says no PII) |
| 27/07/2025 | Naval Group | France | Defence contractor | Data breach | 1 TB |
| 28/07/2025 | Orange Telecom | France | Telecomms | Third-party service breach | Undisclosed |
| 29/07/2025 | Aeroflot | Russia | Transportation (Airline) | Cyber attack (IT disruption) | N/A |
| 30/07/2025 | Rigla Pharmacy Chain | Russia | Healthcare (Pharmacy) | Cyber attack (service disruption) | N/A |
| 31/07/2025 | Dollar Tree | USA | Retail | Third-party (ransomware claim) | 1.2 TB (claimed) |
Discover your vulnerabilities before attackers do
To avoid falling victim to cyber attacks, it’s critical to understand where you are most vulnerable to attack. Then you can close any security gaps before it’s too late.
Don’t leave your vulnerabilities to chance. Collaborate with a team that understands your risks and delivers actionable solutions.
Contact our penetration testing experts today to discuss your security needs.
