The Week in Breach News: 06/03/25 – 06/10/25
This week: Two malicious insider attacks leave companies reeling; Cartier and The North Face are hit as a major retailer attack spree continues; and six news business-themed phishing training kits just dropped in BullPhish ID.
See the evolution of the MSP business in our infographic 7 Key Stats From the 2025 MSP Benchmark Survey. DOWNLOAD IT>>
The North Face
https://www.just-style.com/news/north-face-cyber-attack
Exploit: Credential Stuffing
Industry: Retail
The North Face confirmed a cyberattack exposed customer information. An estimated 3,000 customers had their names, email addresses, shipping addresses and order histories snatched. The company stated that no passwords or payment card data were compromised, as card information is handled by a third-party processor and not stored on its website. The breach was the result of a credential stuffing attack and is believed to have been carried out by Scattered Spider, the group responsible for the Marks & Spencer (M&S) attack. The company has disabled all passwords for accounts on its site and has forced customers to create new ones.
How It Could Affect Your Customers’ Business: Google Threat Intelligence warned U.S. retailers that the same hackers that hit UK retailers are now using similar tactics against U.S. companies.
Kaseya to the Rescue: Learn how Tailored Threat Response with RocketCyber Dynamic Remediation speeds up incident response with automation to minimize damage. GET THE FEATURE SHEET>>
MainStreet Bank
https://www.scworld.com/brief/mainstreet-bank-data-pilfered-in-third-party-hack
Exploit: Supply Chain Attack
Industry: Business Services
MainStreet Bank disclosed a cyberattack on one of its third-party vendors exposed sensitive information affecting about 5% of its customers. In an SEC filing, the bank said it learned of the breach in March and launched an investigation confirming that its own systems were not compromised. No unauthorized transactions or account theft was found, and customer services remain unaffected. MainStreet Bank has since severed ties with the impacted vendor.
How It Could Affect Your Customers’ Business: When a vendor or service provider has cybersecurity trouble, it can result in customers taking their business elsewhere.
Kaseya to the Rescue: Learn proven strategies for mitigating both malicious and accidental insider risk to keep businesses out of trouble in our Guide to Insider Risk. DOWNLOAD IT>>
Jackson Health System
Exploit: Malicious Insider
Industry: Healthcare
Jackson Health System in Miami revealed that over 2,000 patients had their personal data accessed for nearly five years by an employee promoting a personal healthcare business. The breach, which occurred between July 2020 and May 2025, involved names, birth dates, addresses, medical record numbers and clinical details (Social Security numbers were not exposed). This breach adds to Jackson Health’s troubled history with data security. The hospital was fined $2.15 million in 2019 for previous privacy violations, and just days ago, a fundraising executive was arrested in a $1 million kickback scheme. Jackson says it has since taken steps to tighten data access and is notifying affected patients.
How It Could Affect Your Customers’ Business: Companies must take care to remove any ex-employee’s access to systems and data during offboarding to avoid incidents like this one.
Kaseya to the Rescue: Get tips to strengthen a company’s defenses and bolster its cyber resilience with our Building a Cyber-Resilient Business checklist. GET THE CHECKLIST>>
City of Durant, Okla.
https://www.kxii.com/2025/06/02/durant-targeted-by-ransomware-attack-some-services-impacted/
Exploit: Ransomware
Industry: Government
The City of Durant in Oklahoma, capital of the Choctaw Nation and home to more than 20,000 residents, said it was hit by a ransomware attack that knocked out some services. City officials said staff immediately began working with law enforcement and cybersecurity experts to investigate and mitigate the incident. Digital and credit card payments, along with certain administrative systems, were most impacted. The Durant Police Department said its communications center has also experienced network outages but emphasized that 911 emergency services remain fully operational. The city said no ransom demand has been identified.
How it Could Affect Your Customers’ Business: Multiple Native American governments have been attacked by ransomware gangs this year, including tribes in Minnesota and Michigan.
Kaseya to the Rescue: Maximize your security on a lean budget with the insights you’ll find in our infographic 5 Ways to Squeeze More From a Tight Security Budget. DOWNLOAD IT>>
Feeling overwhelmed by your task list? Discover four strategies for reducing your workload! GET INFOGRAPHIC>>
U.K. – His Majesty’s Revenue and Customs
https://www.bbc.com/news/articles/cvgnz3r2m7eo
Exploit: Phishing
Industry: Government
Scammers stole an estimated $63M from the online accounts of 100,000 people through phishing after posing as taxpayers, His Majesty’s Revenue and Custom (HMRC) has revealed. The tax authority said it is writing to those affected to confirm it has secured their accounts. The scammers used phishing attacks to gain customer details and attempted to claim rebates. Bad actors concentrated on setting up new accounts that leveraged information for taxpayers who didn’t have a need for an online tax account, making it less likely that those taxpayers would discover the fraudulent accounts.
How it Could Affect Your Customers’ Business: Phishing schemes like this show the importance of proactive cybersecurity and employee awareness training to guard against identity-based fraud.
Kaseya to the Rescue: Identify the must-have features in a user protection solution and explore how to build a robust user protection strategy in our Modern User Protection Buyer’s Guide. GET IT>>
France – Cartier
Exploit: Hacking
Industry: Retail
Summary: Legendary jeweler Cartier had its website hacked and some client data stolen Cartier has determined that names, emails and the country of origin of customers may have been compromised during the security incident. Cartier noted that the stolen data did not include any passwords, credit card details or other banking information. The company stated it has enhanced its system protections, and it reported the incident to authorities.
How it Could Affect Your Customers’ Business: Information stolen from high-end brands can be used to facilitate spear phishing or whaling attacks against C-suite executives.
Kaseya to the Rescue: Discover how Kaseya 365 User delivers comprehensive protection beyond the endpoint without breaking the bank. GET THE EBOOK>>
Discover user protection for the modern workforce in our eBook Kaseya 365 User Protection Business Case. GET IT>>
India – KiranaPro
Exploit: Hacking
Industry: Retail
Bengaluru startup KiranaPro confirmed that a former employee was behind a recent data breach that erased critical company data, including app source code from GitHub. The breach, discovered last week, was the result of the company’s failure to revoke the ex-employee’s access. The individual, whose identity remains undisclosed, deliberately deleted server logs and other key data. KiranaPro said its external systems remain secure, and the company is tightening internal access controls.
How it Could Affect Your Customers’ Business: This incident highlights the importance of promptly revoking access for departing employees.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>
Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>
Keep employees on their toes with six new business-themed kits in BullPhish ID
Are your U.S. users sufficiently cautious about seemingly routine business emails? Put them to the test with our six new phishing training kits based on the types of messages employees handle daily.
- Google Subpoena Simulation, US – English
- Microsoft Word – New Comment, US – English
- DocuSign – Tax Information, US – English
- Skype – Closure Notice, US – English
- Zoom – “Annual Performance Review” invitation, US – English
- Zoom – Account Suspended, US – English
Learn more and see other fresh phishing training kits in the BullPhish ID Release Notes.
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
Watch key SaaS security trends: Findings from the 2025 SASI Report
SaaS adoption is at an all-time high, but with over 50% of accounts being unmanaged guest users, security vulnerabilities are growing. Cyberthreats like token hijacking, unauthorized access and risky file-sharing behaviors can expose businesses to significant risks. Watch the on-demand webinar to uncover key findings from the 2025 SASI Report and gain actionable strategies to enhance SaaS security.
Key highlights:
- Uncover hidden SaaS security risks
- Get insights into user activity and risky file-sharing behaviors
- Gain actionable strategies for improved SaaS security
Don’t let security gaps put your business at risk. Watch the webinar recording now and stay ahead of emerging SaaS threats. WATCH NOW>>
Get expert advice for protecting your organization’s most vulnerable gateway in this infographic. DOWNLOAD IT>>
How to Prevent Session Hijacking and Protect Business Email
June 24, 2025 | 1:00 PM ET
MFA is no longer enough. Sophisticated Adversary-in-the-Middle (AiTM) attacks can bypass MFA and hijack Microsoft 365 sessions, putting sensitive data and business continuity at risk.
Join us to uncover how these threats work and defend against them. We’ll explore practical strategies like token protection, advanced M365 configurations, and SaaS Alerts for automated detection and response.
June 18: GTM Strategies: Helping MSPs Deliver Network Pentesting Beyond Compliance REGISTER NOW>>
July 3: Kaseya+Datto Connect Local: Perth REGISTER NOW>>
July 15: Kaseya+Datto Connect Local: Montreal REGISTER NOW>>
August 28: Kaseya+Datto Connect Local: Brisbane REGISTER NOW>>
September 4: Kaseya+Datto Connect Local: Adelaide REGISTER NOW>>
October 6 – 8: Kaseya DattoCon Miami REGISTER NOW>>
October 28 – 30: Kaseya DattoCon Asia-Pacific REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Read our case studies and see how MSPs and businesses have benefited from using our solutions. READ NOW>