
The Week in Breach News: 04/30/25 – 05/06/25    

May 07, 2025

This week: Shocking cyberattacks hit three major U.K. retailers; two malicious insider incidents rock government agencies; a recap of the cybersecurity innovation highlights from Kaseya Connect 2025; and three freshly translated courses to teach employees about smishing and vishing.


Kaseya Connect 2025 just ended, and we made some epic announcements! Learn more about our innovation: Kaseya Connect Innovation Keynote Highlights Efficiency and Security Advancements



Texas Health and Human Services Commission

https://www.texastribune.org/2025/04/30/texas-hhsc-data-breach-snap-medicaid/

Exploit: Malicious Insider

Industry: Government

The Texas Health and Human Services Commission (HHSC) notified 94,000 benefit recipients that a group of state employees improperly accessed their personal data. So far, nine employees have been fired for accessing accounts without a business reason, with some linked to food stamp card theft. The breached data includes personally identifying information, Social Security numbers and Medicaid/Medicare identification numbers. HHSC also disclosed an employee from one of the agency’s service providers, Maximus, is suspected of involvement in this incident.

How It Could Affect Your Customers’ Business: This shows why strict access controls and least-privilege principles are essential to limit who can access sensitive information and prevent a data breach.

Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>


Barnstable County Sheriff’s Office

https://www.metrowestdailynews.com/story/news/2025/04/27/barnstable-sheriff-social-security-numbers-downloaded-in-data-breach-buckley/83311859007

Exploit: Malicious Insider

Industry: Government

The Barnstable County Sheriff’s Office in Massachusetts disclosed it placed an employee on administrative leave after discovering a data breach. The employee was caught emailing themselves a spreadsheet containing personal information of over 100 current and former employees. The breach is under investigation. The office is notifying affected employees as well as the state Attorney General’s Office.

How It Could Affect Your Customers’ Business: Continuous monitoring and auditing of employee access can detect and deter improper behavior before it escalates.

Kaseya to the Rescue: Maximize your security on a lean budget with the insights you’ll find in our infographic 5 Ways to Squeeze More From a Tight Security Budget. DOWNLOAD IT>>


Get expert advice for protecting your organization’s most vulnerable gateway in this infographic. DOWNLOAD IT>>



U.K. – Harrods

https://www.theguardian.com/business/2025/may/01/harrods-latest-retailer-hit-cyber-attack-website-shops

Exploit: Hacking

Industry: Retail

Harrods has been hit by a cyberattack. The DragonForce cybercrime group, sometimes called “Scattered Spider,” claimed responsibility. The luxury department store admitted it was forced to shut down some unnamed systems but said its website and all its stores, including the Knightsbridge flagship, H beauty and its airport outlets, continue to operate. The retailer disclosed that it first realized it was being targeted last week and said it is engaging experts to investigate the issue.

How It Could Affect Your Customers’ Business: Early detection tools and a rapid response plan are critical for mitigating the impact of cyber trouble.

Kaseya to the Rescue: Get tips to strengthen a company’s defenses and bolster its cyber resilience with our Building a Cyber-Resilient Business checklist. GET THE CHECKLIST>>


U.K. – Marks & Spencer

https://www.thetimes.com/uk/technology-uk/article/m-and-s-could-take-months-to-recover-from-cyberattack-claims-insider-dph8g5mcd

Exploit: Ransomware

Industry: Technology


Iconic retailer Marks & Spencer fell victim to a cyberattack that has severely impacted its operations, sending shockwaves throughout its customer base. The DragonForce (or Scattered Spider) ransomware group claimed the attack. The retailer said the ransomware attack crippled its online and internal network operations, forcing system shutdowns, ad hoc work on personal devices and disruption of the timecard system. Thus far, the incident has cost Marks & Spencer millions in lost sales and hit its share price. A company insider told Sky News that the retail giant didn’t have an incident response or business continuity plan to fall back on, making the incident worse. It could take months for Marks & Spencer to recover from the blow.

How It Could Affect Your Customers’ Business: Failure to plan costs serious money – unpreparedness directly amplified financial losses, operational downtime and reputational damage here.

Kaseya to the Rescue: Our 10 Tips for Successful Employee Security Awareness Training infographic can help you maximize the effectiveness of your security awareness training efforts. DOWNLOAD IT>>


U.K. – The Co-op Group

https://www.reuters.com/world/uk/britains-co-op-is-latest-retailer-be-hit-by-cyber-attack-2025-04-30

Exploit: Ransomware

Industry: Retail


The Co-op Group confirmed the company was hit by a cyberattack that resulted in the shutdown of parts of its back office and call center operations. The hacking group DragonForce (aka Scattered Spider) claims to have stolen customer databases, employee credentials and membership card data. They shared samples of data they allegedly accessed, claiming they nabbed information about 20 million rewards program members. Co-op admitted customer data was compromised but did not disclose details.

How It Could Affect Your Customers’ Business: Rewards and membership programs are high-value targets, and organizations must apply rigorous security controls to this type of data.

Kaseya to the Rescue: Identify the must-have features in a user protection solution and explore how to build a robust user protection strategy in our Modern User Protection Buyer’s Guide. GET IT>>


Feeling overwhelmed by your task list? Discover four strategies for reducing your workload! GET INFOGRAPHIC>>



Japan – Kintetsu World Express

https://therecord.media/kintetsu-world-express-ransomware-attack-japan

Exploit: Ransomware

Industry: Shipping & Logistics

Major Japanese logistics provider Kintetsu World Express (KWE) confirmed that it fell victim to a ransomware attack that disrupted some of its systems. The incident, first detected on April 23, caused service interruptions for certain customers. KWE has not disclosed whether a ransom was demanded or if it plans to pay. An investigation is ongoing. This marks the second cyberattack on KWE in the past two years.

How It Could Affect Your Customers’ Business: Organizations targeted once are likely to be targeted again, making continuous improvement of cybersecurity defenses and incident response essential.

Kaseya to the Rescue: Discover how Kaseya 365 User delivers comprehensive protection beyond the endpoint without breaking the bank. GET THE EBOOK>>


South Korea – SK Telecom

https://www.koreaherald.com/article/10477906

Exploit: Hacking

Industry: Telecom

SK Telecom, South Korea’s top mobile carrier, is grappling with the fallout from a recent hack that saw malware installed on its internal systems. The company removed the malware, isolated the affected equipment and launched an investigation, reporting the incident to regulators. While no misuse of leaked data has been confirmed, SK Telecom is offering free USIM card replacements. Over 70,000 users switched to rival providers within two days of the breach.

How It Could Affect Your Customers’ Business: Customer churn can spike after a breach, so companies must prioritize both technical remediation and customer relationship management simultaneously.

Kaseya to the Rescue: Discover how Kaseya 365 User delivers comprehensive protection beyond the endpoint without breaking the bank. GET THE EBOOK>>



Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>




Cybersecurity was in the spotlight at Kaseya Connect 2025. Take a look at the security innovations and expert insights into everything from AI-driven cyberattacks to innovative new tools like Kaseya SIEM that we shared at our annual event. READ MORE>>


Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>



Training employees to recognize smishing and vishing attacks is crucial because these tactics exploit human trust to steal sensitive data and bypass technical security defenses. These three fresh training videos in Spanish, French and Portuguese can help you run effective training campaigns.

  • Smishing e Vishing VO (Portuguese)
  • Hameçonnage Par Message Texte Et Hameçonnage Vocal VO (French)
  • Smishing Y Vishing VO (Spanish)

Explore these videos and other translated lessons that are now available in the BullPhish ID Training Portal

Learn more in the BullPhish ID Release Notes.



Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101. GET EBOOK>>



Have you downloaded the 2025 Kaseya Global MSP Benchmark Report?


The 2025 Global MSP Benchmark Report from Kaseya offers exclusive insights from nearly 1,000 MSPs on revenue drivers, top challenges and strategies for success. Discover how MSPs are growing, strengthening cybersecurity, leveraging AI and staying competitive in a rapidly evolving industry.

DOWNLOAD IT>>


Discover user protection for the modern workforce in our eBook Kaseya 365 User Protection Business Case. GET IT>>



You’re invited to meet Kaseya 365 Ops

Want to learn more about Kaseya 365 Ops? Join us for Introducing Kaseya 365 Ops: One Solution to Run Your MSP Business, an exclusive live webinar unveiling Kaseya 365 Ops – the AI-powered, all-in-one IT operations platform purpose-built to help MSPs simplify service delivery, eliminate inefficiencies and scale with confidence.

Whether you’re juggling a patchwork of tools or planning for growth, this session will show you how to gain full control through one powerful, integrated solution.

Don’t miss this essential introduction to Kaseya 365 Ops – with multiple sessions to choose from, you can attend when it fits your schedule.

  • May 8, 2025, at 2 PM BST with Kevin Sequeira, General Manager, PSA Suite REGISTER NOW>>
  • May 8, 2025, at 10:00 AM AEST with Kevin Sequeira, General Manager, PSA Suite REGISTER NOW>>
  • May 13, 2025, at 2 PM EST with Nadir Merchant, GM, IT Operations REGISTER NOW>>
  • May 14, 2025, at 11 AM BST with Stella Babu, Technical Account Manager and Kalin Padayachee, Technical Account Manager REGISTER NOW>>

May 8: Maximize Your Time Savings with the Right RMM REGISTER NOW>>

May 14: Endpoint Security and Beyond: How Kaseya 365 and Datto RMM Drive MSP Success REGISTER NOW>>

May 14: Kaseya + Datto Connect Local: Cape Town REGISTER NOW>>

May 15: Kaseya 365 Ops in Action: Operational Workflows for Endpoint Management and Automation REGISTER NOW>>

May 15: Kaseya + Datto Connect Local: Sydney REGISTER NOW>>

May 20: Kaseya + Datto Connect Local: Chicago Symposium REGISTER NOW>>

May 22: Kaseya + Datto Connect Local: Detroit REGISTER NOW>>

May 22: Kaseya + Datto Connect Local: Melbourne REGISTER NOW>>

June 3: Kaseya+Datto Connect Local: New York City Symposium REGISTER NOW>>

June 17 – 19: Kaseya DattoCon Europe REGISTER NOW>>

October 6 – 8: Kaseya DattoCon Miami REGISTER NOW>>

October 28 – 30: Kaseya DattoCon Asia-Pacific REGISTER NOW>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!


Read our case studies and see how MSPs and businesses have benefited from using our solutions. READ NOW>