The Week in Breach News: 05/07/25 – 05/13/25    

Exploit: Hacking

Industry:

Medical technology company Masimo Corporation disclosed that it experienced unauthorized activity on its on-premise network, affecting manufacturing operations. The breach was identified on April 27. As a result of the incident, some of Masimo’s manufacturing facilities have been operating below normal capacity, temporarily affecting the company’s ability to process, fulfill and ship customer orders. The company is working diligently to restore normal operations and mitigate the impact of the breach.

Exploit: Hacking

Industry: Transportation

Hackers linked to the Anonymous collective breached GlobalX Air, the primary airline the U.S. government is using for deportation flights. They stole sensitive data, including flight records and passenger manifests. The attackers also gained access to the airline’s flight planning software and internal databases, broadcasting defacement messages to pilots and staff and deleting internal data. A defacement message left on GlobalX’s website accused the company of ignoring court orders and featured its signature Guy Fawkes mask, stylized with the U.S. flag. GlobalX, which handled approximately 75% of U.S. deportation flights in 2024, has not yet commented publicly on the extent of the breach or its operational impact.

Exploit: Hacking

Industry: Healthcare

Yale New Haven Health experienced a data breach impacting approximately 5.6 million individuals, the largest healthcare breach reported to U.S. federal regulators to date in 2025. The Connecticut-based health system detected unusual activity on its IT systems in early March and later confirmed that an unauthorized third party accessed its network and exfiltrated copies of patient data. Exposed information includes demographic details, Social Security numbers, patient types and medical record numbers. However, Yale New Haven emphasized that its electronic health record system and patient portal were not compromised, and no financial or employee HR data was affected. Despite the breach, the provider, which operates five hospitals, maintained uninterrupted patient care throughout the incident. The breach has been reported to the Department of Health and Human Services’ Office for Civil Rights, and the health system continues working to mitigate any potential impact.

Exploit: Ransomware

Industry: Government

The City of Helsinki has announced a data breach affecting families who used its Family Law Services between 2012 and 2019. The exposed data includes the names and personal identity codes of both parents and children, custody arrangement details, and in some cases, information about the child’s residence. In line with the GDPR, the City is notifying the individuals affected by the breach and has reported the incident to Finland’s Office of the Data Protection Ombudsman. Families seeking more information can contact Family Law Services directly or reach out to the City of Helsinki’s Data Protection Officer for additional guidance.

Exploit: Ransomware

Industry: Food & Drink

Oettinger Getränke, one of Germany’s largest brewers and a global top 25 player in the industry, is investigating a cyberattack that may have exposed sensitive data. The privately owned company confirmed the breach in a brief statement and is assessing the potential for data leaks. The ransomware group Ransom House claimed responsibility for the attack, posting a warning online about the stolen data. Despite the breach, Oettinger Getränke reported its production and logistics operations have not been affected. Founded in 1731, Oettinger Getränke remains one of the most significant players in the beer and soft drink market. Its investigation continues as the company works to secure its systems and assess the full extent of the damage.

Exploit: Hacking

Industry: Non-Profit

The U.K. Legal Aid Agency (LAA) disclosed a security incident, informing law firms that unauthorized third parties may have accessed sensitive financial information related to legal aid providers. Although the agency, which operates in England and Wales, confirmed the breach, it could not definitively confirm which specific data, if any, had been compromised. The investigation into the breach is ongoing, with authorities focused on determining the full extent of the incident and implementing necessary remedial measures. The LAA continues to work with relevant authorities to address the situation and safeguard the data of affected parties.

Exploit: Phishing

Industry: Education

Thousands of pupils in Edinburgh were forced to attend school over the weekend to reset their passwords after a phishing attack targeted the city’s education department. The cyberattack, which disrupted access to vital exam revision resources, was identified when teachers received a suspicious email invitation for a meeting, which was later confirmed as a spear phishing attack. As a precautionary measure, more than 2,500 students were invited to schools on Saturday to have their passwords reset, resulting in a missed day of revision just ahead of key summer exams.