The Week in Breach News: 06/11/25 – 06/17/25

Exploit: Ransomware

Industry: Food & Beverage

United Natural Foods, Inc. (UNFI), a major U.S. distributor of natural, organic and specialty foods based in Providence, RI, has reported a cybersecurity incident that is impacting its operations. The breach was first detected on June 5, when the company identified unauthorized activity within its IT systems. In response, UNFI took parts of its systems offline and initiated its incident response protocols. As a result, the company’s ability to process and fulfill orders has been disrupted. UNFI supplies over 30,000 retailers across the U.S. and Canada, including major chains like Whole Foods Market.

Exploit: Phishing

Industry:  Government

Officials at the Illinois Department of Healthcare and Family Services (HFS) have disclosed a data breach affecting 933 individuals, including 564 Illinois residents, following a phishing attack in February. According to the agency’s breach notification, threat actors gained access to an HFS employee’s email account through malicious emails sent from another compromised government account. The attackers may have exfiltrated sensitive data such as names, birthdates, driver’s license and state ID numbers, Social Security numbers and information related to child support or Medicaid finances.

Exploit: Hacking

Industry: Insurance

Erie Insurance and Erie Indemnity Company have confirmed that a cyberattack over the weekend is the cause of widespread service disruptions and platform outages affecting their operations since Saturday, June 7. The incident has left many customers unable to access the company’s website or customer portal, with reports of difficulties filing claims or receiving essential documents. In a public statement, Erie Insurance emphasized that it will not contact customers via phone or email to request payments during the outage. The company has not yet disclosed whether ransomware was involved or if any customer data was compromised. Investigations into the scope and impact of the breach are ongoing.

Exploit: Ransomware

Industry: Technology

Ocuco, a Dublin-based software provider serving 6,750 client sites across 88 countries, has disclosed a major data breach affecting nearly 241,000 individuals, according to a report filed with the U.S. Department of Health and Human Services on May 30. The breach stems from a hacking incident involving a network server and is believed to be linked to a ransomware attack. The ransomware group KillSec has claimed responsibility for the attack on its dark web leak site, alleging it exfiltrated more than 340 gigabytes of data comprising over 670,000 files and 26,000 folders. An Ocuco spokesperson stated the company first became aware of the breach on April 1 after discovering the threat actor’s post online. The company is currently conducting a thorough review to determine what personal data may have been compromised.

Exploit: Hacking

Industry: Airline

WestJet, Canada’s second-largest airline, is investigating a cyberattack that has disrupted access to several internal systems and caused intermittent issues on its website and mobile app. While the airline confirmed that flight operations remain safe and ongoing, it admitted that the attack has affected some of its software and services. Customers may experience interruptions or errors when using digital platforms as WestJet continues to assess the full scope of the incident. It remains unclear whether the disruption is due to a ransomware attack or a precautionary shutdown of systems. The company is actively working to determine the impact and restore full functionality.

Exploit: Ransomware

Industry: Entertainment

A ransomware attack on Yes24, one of South Korea’s largest ticketing platforms and online book retailers, has caused widespread disruption across the country’s entertainment sector. The cyberattack took Yes24’s website and services offline for four days, halting online bookings for concerts, e-book access, and community forums, before full operations were restored by June 15. The outage led to the cancellation or postponement of events featuring stars such as Park Bo-gum, Enhypen, Ateez and rapper B.I. Additionally, musical producers for shows like The Bridges of Madison County and Aladdin implemented stricter entry procedures, requiring audiences to present printed or emailed ticket confirmations. Several attendees were reportedly turned away earlier in the week due to their inability to verify their reservations.

Exploit: Hacking

Industry: Transportation

Indian car-sharing company Zoomcar has disclosed a data breach impacting the personal information of approximately 8.4 million users. The company first became aware of the incident on June 9, when hackers contacted Zoomcar employees claiming to have accessed its systems and stolen user data. The compromised information includes names, phone numbers, car registration numbers, addresses and email addresses. Zoomcar, which operates in 99 cities across India and serves over 10 million users, is investigating the breach but stated there is currently no evidence that financial details or passwords were compromised. This marks the second major breach for Zoomcar, following a significant incident in July 2018.