M&S confirmed that a sophisticated impersonation attack led to a ransomware breach of their network, attributed to the DragonForce ransomware operation. The attackers tricked a third-party IT support company into resetting an employee's password, allowing access to M&S systems, which resulted in data theft and system shutdowns. M&S has not disclosed whether a ransom was paid or not, citing public interest concerns.

Allianz Life has reported that hackers stole personal information from the majority of its 1.4 million North American customers through a cyber-attack that exploited a third-party CRM system. The company has taken immediate action to contain the breach and is notifying affected individuals, while stating that its own systems remain secure.

Workday has disclosed a data breach following a social engineering attack that compromised a third-party CRM platform, exposing business contact information but not customer tenant data. The incident is believed to be part of a broader wave of attacks linked to the ShinyHunters extortion group, which has targeted multiple high-profile companies through similar tactics.