The Week in Breach News: 05/21/25 – 05/27/25

Exploit: Hacking

Industry: Retail

Tiffany & Co. has confirmed a cybersecurity breach affecting customers in South Korea, marking the second such incident involving an LVMH Moët Hennessy Louis Vuitton brand in recent months. The breach, which occurred on April 8, involved unauthorized access to a third-party vendor platform used to manage customer information. According to an email notification sent by Tiffany Korea to impacted customers on May 26, the company verified on May 9 that personal data belonging to individuals in South Korea had been compromised. The exposed data includes customer names, addresses, phone numbers, email addresses, internal ID numbers and purchase history.

Exploit: Ransomware

Industry: Healthcare

A cyberattack has disrupted hospital operations across Ohio-based Kettering Health, causing widespread outages and delays in patient care at 14 hospitals and more than 100 outpatient facilities. The incident began on May 20 and led to a system-wide technology failure that prevented staff from accessing key patient care systems for five days. As a result, many elective inpatient and outpatient procedures were postponed, and the hospital network’s call center was knocked offline. IT staff reportedly discovered a ransom note identifying the attacker as the Interlock ransomware gang. The healthcare network said it is continuing to investigate the attack and working to restore full functionality while prioritizing patient safety and care.

Exploit: Ransomware

Industry: Telecommunications

Wisconsin-based mobile carrier Cellcom confirmed a cyberattack caused the widespread service outage that began on May 14, disrupting voice and SMS services across Wisconsin and Upper Michigan. Initially attributed to technical issues, the company later acknowledged the cyberattack after an internal investigation. Cellcom assured customers that sensitive personal data was not affected, as the attack targeted a separate part of its network. Data services, iMessage, RCS messaging and 911 remained functional throughout the incident. The company said it is working with external experts, the FBI and state officials to resolve the incident.

Exploit: Misconfiguration

Industry: Business Services

Serviceaide, a San Jose-based IT support provider that leverages agentic AI, reported a major data breach affecting almost 500,000 patients of Catholic Health’s six-hospital system in Buffalo, New York. Serviceaide discovered an Elasticsearch database containing patient electronic protected health information had been publicly accessible without authentication from September 19 to November 5, 2024. The exposed data included sensitive details such as names, dates of birth, Social Security numbers, medical records, insurance, treatment, prescriptions and login credentials. Serviceaide is notifying affected individuals and continuing its investigation.

Exploit: Hacking

Industry: Retail

German sportswear brand Adidas confirmed a data breach involving unauthorized access to consumer contact details through a third-party customer service provider. The company said bad actors snatched contact information of people who had been in touch with its help desk. No sensitive information like passwords or payment data was affected. The company said it quickly contained the incident, launched an investigation with cybersecurity experts and is taking steps to strengthen its data protection. Earlier in May 2025, Adidas disclosed data breaches in its Turkish and South Korean arms.

Exploit: Ransomware

Industry: Government

The West Lothian Council in Scotland confirmed a ransomware attack on its education network, impacting IT systems across 13 secondary schools, 69 primary schools and 61 nurseries. The Interlock group claimed responsibility. While most stolen data appears related to operational matters like lesson planning, officials now believe some personal information may also have been compromised. The council was quick to assure the public that confidential pupil, financial and social work records were not stored in the impacted system. The affected network was quickly isolated, and there is no evidence that other council systems were breached. However, the council warned it has not ruled out the theft of sensitive medical or social work data. Parents, carers and staff are being notified, and Police Scotland is leading the investigation.

Exploit: Hacking

Industry: Transportation & Logistics

Logistics firm Peter Green Chilled has been hit by a ransomware attack, disrupting supplies of refrigerated foodstuffs to several regional supermarkets in Somerset, including Aldi, Tesco and Sainsbury’s. Although the attack occurred two weeks ago, the company informed smaller food producers only late last week that some orders could not be processed due to the cyber incident. Peter Green Chilled said transport operations were unaffected but declined to detail the impact on its IT systems.