-
Cyberattacks hit hard this year, big companies lost hundreds of millions—retailers and airlines took some of the worst blows.
-
Hackers shifted tactics, going after third party service providers. With this smart approach, they break into one, opening a door to a bunch of companies’ data, all at once.
-
AI made things worse; cybercriminals used it to cook up advanced phishing scams and launch attacks faster than ever.
If 2025 proved anything, it’s that nobody is really safe online right now. From your favorite stores to major airlines, hackers hit everyone, exposing the private information of millions of people.
The scary part? They often just log in instead of breaking in. We saw several reports of phishing scams, data breaches, name them, and we’re about to have a brief look at some of the incidents that hit the hardest.
A Year of High-Profile Hacks
2025 was eventful in the world of cybersecurity. This past year felt like a nonstop stream of security alerts. Big companies kept making news headlines due to data breaches.
The attacks were bold, very disruptive, and caused those involved a lot of financial and reputational damage. Let’s take a look at the details.
The Retail Sector Under Siege
The summer was particularly rough for UK shoppers. A wave of attacks hit major retailers one after another. Marks and Spencer, the Co-op, and luxury store Harrods all got hit.
The damage was severe M&S called the attack “traumatic.” They estimate it will cost them a staggering £300 million in profits. The Co-op also reported massive losses of at least £206 million (over $260 million USD approximately).
Harrods also confirmed a breach, in which hackers stole 430,000 customer records. The compromise was not from the company’s own systems. Rather, it came from a third-party provider they use.
This pattern shows a major shift in how hackers operate. They aren’t always targeting the main company. They go for the weaker links in the chain.
Beyond Shopping: Airlines, Cars, and Kids
The problem spread far beyond retail. Australia’s airline Qantas got hit by a major breach in July, and the personal data of millions of passengers was exposed on the dark web.
Qantas wasn’t the only target. They were one of 40 global organizations hit. The attack focused on a single, widely used Salesforce database.
The group behind it has many names. You might know them as Lapsus$ or Scattered Spider. They also went after giants like Google, Adidas, and Chanel.
Even more alarming attacks followed. The Kido nursery chain in the UK had data on 8,000 children stolen. Pictures, names, and addresses were taken.
Car maker Jaguar Land Rover had to turn off systems worldwide. Japanese beer giant Asahi shut down operations after an attack. Even cybersecurity company F5 was hacked, putting its Fortune 500 clients at risk.
The New Hacker Playbook: Stealing Your Identity
So, what are these criminals really after? According to experts, the answer is simple: your identity.
Zeki Turedi from CrowdStrike put it bluntly. He said identity is the biggest target for threat actors today. They want usernames, passwords, and access privileges.
“They don’t ‘break in’, they log in,” Turedi explained. This is a game-changer. It means strong walls aren’t enough if the front door keys are stolen.
How AI Fuels the Fire
This is where things get even scarier – hackers have now gotten a powerful new tool — artificial intelligence. AI helps them at every stage of an attack.
It can automate searches for weaknesses. It can create deepfake voices for phone scams. We’ve seen hackers use AI to trick help desk staff.
They pretend to be from HR or IT. Their goal is to get employees to reset passwords for them. An IBM report confirmed a worrying gap. AI adoption is racing ahead of AI security.
The Third-Party Problem
These breaches highlight a critical weakness. Companies are only as strong as their partners’ security. The attacks on Harrods, Qantas, and Discord all came through third parties.
These providers offer services like customer support or data management. When hackers breach one provider, they can access dozens of companies. It’s a force multiplier for cybercrime.
The countless cyber attacks we saw this year have taught us that digital trust is fragile, and so we need much more than just strong passwords to protect our systems. The breach of a single city application, exposing the data of millions of residents, stands as a stark reminder that no organization—from global retailers to local governments—is immune to this cycle of theft and exposure. Every company in the chain needs to be alert and watchful.
