The Week in Breach News: 06/18/25 – 06/24/25
This week: A hit on a business services provider results in 19 companies, including several banks, having data exposed; Disney has proprietary data snatched; and three new phishing simulation kits modeled after the popular finance app Revolut.
Discover user protection for the modern workforce in our eBook Kaseya 365 User Protection Business Case. GET IT>>
Aflac
https://www.usatoday.com/story/tech/2025/06/21/aflac-data-leak-cyber-attack-breach-hack/84301222007
Exploit: Hacking
Industry: Insurance
Aflac revealed this week that cybercriminals breached its U.S. network, potentially exposing customers’ personal data, including Social Security numbers and health details. The company detected suspicious activity on June 12 and said it contained the intrusion within hours. In a June 20 filing, Aflac described the incident as part of a broader cybercrime campaign targeting insurers. The attack bore hallmarks of Scattered Spider, a hacking group known for industry-wide assaults.
How It Could Affect Your Customers’ Business: Smart companies invest in real-time threat detection, rapid incident response and continuous employee awareness training to mitigate risk.
Kaseya to the Rescue: Learn how Tailored Threat Response with RocketCyber Dynamic Remediation speeds up incident response with automation to minimize damage. GET THE FEATURE SHEET>>
Krispy Kreme
https://izoologic.com/threat-advisory/krispy-kreme-confirms-data-leak-after-ransomware-attack
Exploit: Ransomware
Industry: Food & Agriculture
Krispy Kreme confirmed a December 2024 ransomware attack exposed sensitive personal data of employees and their families. The Play ransomware group claimed responsibility, stealing 184 GB of data and publishing it after the company refused to pay. Exposed information includes Social Security numbers, financial data, health records, and biometric and military ID details. Notifications are now being sent to those affected. The company did not specify how many people were impacted but reported 7,000 victims in Texas to that state’s attorney general.
How It Could Affect Your Customers’ Business: Protecting employee data through strong data encryption and strict access controls should be as much a priority as protecting customer data.
Kaseya to the Rescue: Learn proven strategies for mitigating both malicious and accidental insider risk to keep businesses out of trouble in our Guide to Insider Risk. DOWNLOAD IT>>
Episource
https://therecord.media/5-million-affected-episource-data-breach
Exploit: Hacking
Industry: Technology
California-based Episource disclosed a major data breach affecting more than 5.4 million individuals, according to filings with the U.S. Department of Health and Human Services. In a notice posted on its website, the company revealed that hackers copied files from its systems between January 27 and February 6, 2025. The stolen data includes highly sensitive information such as Social Security numbers, health insurance and Medicare/Medicaid ID numbers, as well as medical records detailing doctors, diagnoses, test results, images, care plans and treatments.
How It Could Affect Your Customers’ Business: Robust security is essential in healthcare data environments, especially those handling large volumes of sensitive patient information.
Kaseya to the Rescue: Get tips to strengthen a company’s defenses and bolster its cyber resilience with our Building a Cyber-Resilient Business checklist. GET THE CHECKLIST>>
The Walt Disney Company
https://www.scworld.com/brief/disneyland-paris-data-allegedly-stolen-by-anubis-ransomware
Exploit: Hacking
Industry: Entertainment
The Anubis ransomware-as-a-service group has claimed responsibility for stealing 64 GB of data from a partner firm of Disneyland Paris, exposing thousands of files related to park construction and renovation projects. The stolen data reportedly includes over 39,000 files, such as engineering documents and materials protected by non-disclosure agreements. Anubis has published an archive on its leak site featuring photos and videos tied to popular attractions like Crush’s Coaster, Frozen, Orbitron, Ratatouille, Buzz Lightyear, Autopia and Phantom Manor. Disney has not commented on the matter.
How it Could Affect Your Customers’ Business: The breach raises concerns about the security of third-party vendors handling sensitive intellectual property and infrastructure plans.
Kaseya to the Rescue: Maximize your security on a lean budget with the insights you’ll find in our infographic 5 Ways to Squeeze More From a Tight Security Budget. DOWNLOAD IT>>
Optima Tax Relief
https://www.foxnews.com/tech/chaos-ransomware-hits-optima-tax-relief-leaks-69gb-data
Exploit: Ransomware
Industry: Finance
Optima Tax Relief, one of the leading tax resolution firms in the U.S., reportedly suffered a ransomware attack claimed by the group known as Chaos. The attackers allege they stole 69 GB of data before encrypting the company’s internal servers. The compromised data appears to include corporate documents and sensitive customer case files. Exposed client information may involve names, addresses and Social Security. As of now, Optima has not issued an official statement regarding the incident.
How it Could Affect Your Customers’ Business: Cybercriminals increasingly target industries managing highly sensitive client information, making proactive defenses and continuous monitoring essential.
Kaseya to the Rescue: Identify the must-have features in a user protection solution and explore how to build a robust user protection strategy in our Modern User Protection Buyer’s Guide. GET IT>>
Get expert advice for protecting your organization’s most vulnerable gateway in this infographic. DOWNLOAD IT>>
Switzerland-Chain IQ
https://www.cnn.com/2025/06/18/business/ubs-data-leak-cyber-attack-intl
Exploit: Hacking
Industry: Finance
A cyberattack on Swiss business services firm Chain IQ has exposed data on tens of thousands of Union Bank of Switzerland (UBS) employees, including an internal phone number for CEO Sergio Ermotti. The breach, part of a larger attack affecting 19 companies, was made public on June 12. Chain IQ, which also counts banks like Pictet, KPMG and Mizuho as clients, declined to comment on ransom details. Impacted firm Pictet said only supplier invoice data was accessed, with no client information compromised.
How it Could Affect Your Customers’ Business: Even companies with strong internal defenses can be exposed to risk that could end in a data breach through service providers.
Kaseya to the Rescue: Discover how Kaseya 365 User delivers comprehensive protection beyond the endpoint without breaking the bank. GET THE EBOOK>>
U.K. – Oxford City Council
Exploit: Hacking
Industry: Government
Oxford City Council confirmed a data breach involving its legacy systems, resulting in unauthorized access to personal information and disruption of ICT services. While most systems have been restored, the council warned that backlogs may still cause delays. In a public statement, the council revealed that attackers accessed databases containing personally identifiable information of current and former council officers from 2001 to 2022. Individuals involved in city-run elections during that period, such as poll workers and ballot counters, may also have had personal data exposed. The breach affects a council responsible for providing key public services to roughly 155,000 residents. Authorities are continuing to investigate the incident and are working to notify those potentially impacted.
How it Could Affect Your Customers’ Business: Public sector organizations must prioritize modernizing aging infrastructure, conduct regular security audits and pursue decommissioning old systems securely.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>
Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>
3 New phishing resistance training kits have landed
As employees increasingly rely on finance and budgeting apps, phishing attacks targeting these platforms are on the rise. Our three new phishing kits, themed around the popular finance app Revolut, are designed to help you train employees to recognize and stay vigilant against such threats.
- Revolut – Account Suspended, US – English
- Revolut – Confirm your details, US – English
- Revolut – Unsuccessful Login Attempts, US – English
Take a look at these phishing resistance training kits and others in the BullPhish ID Release Notes.
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
Protect the most vulnerable gateway to your organization
End users are often the weakest link in cybersecurity, especially with rising phishing, credential exposure and email threats.
The infographic, Protect the most vulnerable gateway to your organization, presents a three-pronged strategy – prevention, response and recovery to safeguard these entry points.
Key SaaS security trends 2025: What businesses need to know to keep up
July 9, 2025 | 11:00 AM AEST
Multi-factor authentication (MFA) alone won’t stop today’s advanced threats. Adversary-in-the-Middle (AiTM) attacks can sidestep MFA and seize Microsoft 365 sessions, exposing critical data and disrupting business operations.
Join us to learn how these attacks operate and what you can do to stop them. We’ll dive into real-world defenses including token protection, hardened M365 settings and automated detection with SaaS Alerts.
July 3: Kaseya + Datto Connect Local: Perth REGISTER NOW>>
July 15: Kaseya + Datto Connect Local: Montreal REGISTER NOW>>
July 22: Kaseya + Datto Connect Local: Toronto Symposium REGISTER NOW>>
August 5: Kaseya + Datto Connect Local: Los Angeles REGISTER NOW>>
August 12: Kaseya + Datto Connect Local: Houston REGISTER NOW>>
August 14: Kaseya + Datto Connect Local: Dallas REGISTER NOW>>
August 28: Kaseya+Datto Connect Local: Brisbane REGISTER NOW>>
September 4: Kaseya+Datto Connect Local: Adelaide REGISTER NOW>>
September 4: Kaseya+Datto Connect Local: Adelaide REGISTER NOW>>
October 6 – 8: Kaseya DattoCon Miami REGISTER NOW>>
October 28 – 30: Kaseya DattoCon Asia-Pacific REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Read our case studies and see how MSPs and businesses have benefited from using our solutions. READ NOW>