HMRC has reported a loss of £47 million due to a phishing scam that compromised 100,000 taxpayer accounts, although affected individuals will not incur any financial loss. The breach involved organized crime using stolen personal information, but HMRC clarified that it was not a cyber-attack and has since secured the accounts and removed any incorrect information. Affected taxpayers will receive notifications from HMRC in the coming weeks.

French retailer Auchan has reported a data breach affecting several hundred thousand customers, compromising sensitive information linked to loyalty accounts, such as names, addresses, and contact details. The company has notified affected individuals and the French Data Protection Authority, advising them to be cautious of potential phishing attempts. However, bank data and passwords remain secure following the incident.

Coinbase experienced a significant data breach in 2025 that compromised the personal information of nearly 70,000 users due to unauthorized access by outsourced call center agents in India. The attackers leveraged social engineering tactics, leading to a rise in phishing attempts, while Coinbase faced estimated remediation costs between $180 million to $400 million and launched a bounty for information on the perpetrators. The incident has sparked discussions on the vulnerabilities associated with outsourcing sensitive customer data management.

Toys “R” Us Canada has notified customers of a data breach in which threat actors leaked personal customer information, including names, addresses, emails, and phone numbers, but not passwords or credit card details. The breach was discovered on July 30, 2025, when the data was posted on the dark web, prompting the company to enhance its cybersecurity measures and notify regulatory authorities. Customers are advised to be vigilant against phishing attempts following the breach.

A series of data breaches affecting companies such as Qantas, Allianz Life, LVMH, and Adidas has been attributed to the ShinyHunters extortion group, which uses voice phishing to compromise Salesforce CRM accounts. The attackers impersonate IT support to manipulate employees into entering connection codes that link malicious applications to Salesforce environments, leading to data theft and potential extortion attempts without public leaks so far. Salesforce has confirmed that their platform is not compromised, emphasizing the importance of customer vigilance against social engineering attacks.

Cyberattacks surged during the summer of 2025, with ransomware groups targeting healthcare and retail sectors, while nation-state actors engaged in geopolitical cyber activities. Major incidents included the rise of the Interlock and Qilin ransomware groups, significant data breaches in retail, and the exploitation of Microsoft SharePoint vulnerabilities in a widespread campaign. Organizations are urged to improve their defenses by patching vulnerabilities, training personnel, and monitoring for lateral movement post-intrusion.

A massive leak of 16 billion login credentials from various online services has been confirmed, marking one of the largest data breaches in history. Cybersecurity experts warn that these compromised credentials pose a significant risk for account takeovers and phishing attacks, emphasizing the importance of switching to secure passkeys and maintaining strong password hygiene. Users are urged to change passwords, utilize password managers, and adopt multi-factor authentication to protect their accounts.

Air France and KLM have reported a data breach resulting from unauthorized access to a third-party platform, compromising customer information such as names, contact details, and loyalty program numbers. The airlines have advised customers to be cautious of phishing attempts but confirmed that sensitive information like passwords and credit card details were not accessed.

Adidas has confirmed that hackers stole personal data from a third-party customer service provider, primarily affecting contact information of customers who interacted with their help desk. The company assures that sensitive information like passwords and payment details were not compromised, but warns customers to remain vigilant against potential phishing attempts due to the breach.