Summary

  • Total number of incidents disclosed: 20
  • Total number of confirmed records breached: 21,227,208

Welcome to another monthly round-up of cyber attack and data breach news. October 2025 saw 20 publicly reported cyber attacks and data breaches around the globe. In total, at least 21.2 million records were confirmed to have been breached.

As ever, these are the incidents that made the news this month – the list is, by necessity, far from exhaustive.

The month’s five largest incidents

Prosper Marketplace

  • Records affected: about 17,600,000
  • Data: names, addresses, dates of birth, Social Security numbers, stated income
  • Cause: unauthorised access via compromised administrative credentials
  • Status: confirmed

Dukaan

  • Records affected: 3.5 million merchants; 16 million customers (potentially)
  • Data: live order metadata, customer names, phone numbers, email/home addresses, purchased items; exposed API keys/tokens for payment gateways
  • Cause: Cloud misconfiguration (unprotected Apache Kafka stream)
  • Status: confirmed (scale potentially exposed; precise totals unverified)

Allianz Life Insurance Company of North America

  • Records affected: 1,497,036
  • Data: names, addresses, dates of birth, Social Security numbers
  • Cause: third-party breach of a Cloud CRM platform (supply-chain)
  • Status: confirmed

WestJet

  • Records affected: 1,200,000
  • Data: personal identifiers including names, birth dates, addresses, ID details, loyalty information
  • Cause: social-engineering-led intrusion leading to data theft
  • Status: confirmed

Motility Software Solutions

  • Records affected: 766,670
  • Data: names, contact details, dates of birth, Social Security and driver’s licence numbers
  • Cause: ransomware with exfiltration (PEAR group)
  • Status: confirmed

Trends in October 2025

  • Third-party risk remained the most common breach vector – Cloud CRMs, billing partners and outsourced support vendors drove several disclosures.
  • Oracle EBS zero-day extortion persisted, with confirmed limited impacts at universities and airlines, plus broader but unverified campaign claims.
  • Ransomware with data theft continued to feature, though several victims reported unknown or non-consumer data impacts.
  • Large-scale exposures from misconfiguration resurfaced, with a single unsecured data stream potentially exposing tens of millions of customer events.
  • Mixed evidence: multiple organisations reported intrusions but “no evidence of data theft”, apparently reflecting tighter detection but a more cautious approach to disclosure.

Key vulnerabilities exploited

  • Oracle E-Business Suite zero-day exploited at scale in extortion campaigns.
  • Cloud/service-provider weaknesses including unsecured data streams and third-party platform breaches.
  • Credential compromise of administrative accounts enabling database access.
  • Email account takeovers resulting in PHI exposure in healthcare.
  • Source-code platform compromise (self-hosted GitLab) enabling mass repository exfiltration.

List of data breaches and cyber attacks disclosed in October 2025

| Disclosure date | Organisation | Country | Sector | Incident type | Records affected |
|---|---|---|---|---|---|
| 01 October 2025 | WestJet | Canada | Transportation (Aviation) | Cyber attack (social engineering→data breach) | 1,200,000 |
| 02 October 2025 | Allianz Life Insurance Company of North America | USA | Finance (Insurance) | Third-party breach (cloud CRM) | 1,497,036 |
| 02 October 2025 | Motility Software Solutions | USA | Technology (Automotive SaaS) | Ransomware (data theft & extortion) | 766,670 |
| 02 October 2025 | Oracle E-Business Suite (multiple orgs) | Global | Cross-industry | Extortion campaign (Oracle EBS zero-day) | Unknown |
| 02 October 2025 | Red Hat Consulting | USA | Technology (IT Services) | Data breach (GitLab compromise, source-code/data exfiltration) | Unknown (about 570 GB) |
| 07 October 2025 | Williams & Connolly | USA | Legal services | Cyber attack (email account compromise) | Unknown |
| 07 October 2025 | Discord | USA | Technology (Social platform) | Third-party breach (support vendor) | About 70,000 |
| 13 October 2025 | Nintendo Co. Ltd. | Japan | Technology (Gaming) | Claimed breach (disputed) | Unknown |
| 13 October 2025 | Harvard University | USA | Education | Vulnerability exploitation (Oracle EBS zero-day) | Unknown |
| 15 October 2025 | Jewett-Cameron Trading Co. | USA | Manufacturing | Ransomware (data theft & encryption) | Unknown |
| 16 October 2025 | Sotheby’s | USA | Retail (Auction) | Data breach (employee PII) | Unknown (employees only) |
| 17 October 2025 | Verisure/Alert Alarm | Sweden | Security services | Third-party data breach (billing partner) | About 35,000 |
| 17 October 2025 | Envoy Air (American Airlines) | USA | Transportation (Airline) | Cyber attack (Oracle EBS zero-day extortion campaign) | Unknown (no sensitive data) |
| 20 October 2025 | Prosper Marketplace | USA | Finance (Fintech lending) | Unauthorised access (admin credentials) | About 17,600,000 |
| 21 October 2025 | Radiologic Medical Services, P.C. | USA | Healthcare (Radiology) | Email account breach (PHI exposure) | 56,902 |
| 21 October 2025 | Dodo/iPrimus (Vocus) | Australia | Telecommunications | Account compromise (email→SIM swapping) | 1,600 emails + 34 SIMs |
| 21 October 2025 | Dukaan | India | Technology (E-commerce) | Cloud misconfiguration (unsecured data stream) | 3,500,000 merchants; 16,000,000 customers (potentially) |
| 23 October 2025 | Toys “R” Us Canada | Canada | Retail (Consumer toys) | Data breach (data leaked online) | Unknown |
| 27 October 2025 | GCash (G-Xchange) | Philippines | Finance (Mobile payments) | Alleged data leak (dark-web sale) | Unknown (“millions” claimed) |
| 29 October 2025 | Ribbon Communications | USA | Telecom (Network equipment) | Cyber espionage (nation-state APT intrusion) | Unknown |
