Security | 3 min read

Largest Cyberattacks of 2025 and Lessons Learned

Written by Josh Moore
11/12/2025

Cyberattacks in 2025 have been bold, costly, and full of lessons for businesses of every size. From sneaky vishing scams to ransomware attacks that halted grocery supply chains, these incidents show how quickly vulnerabilities can be exploited—and why proactive cybersecurity matters more than ever.

Here are five breaches that made headlines and what they teach us about staying secure:

Now, let’s dive into the details behind these major incidents and uncover what went wrong—and what we can learn from each one.

Vishing Scam Behind Sneaky Data Heist

Targeted Organization
Salesforce: A global CRM platform

What Happened
Vishing was the cause. Phone calls tricked employees into giving up multi-factor codes, then cybercriminals used Salesforce’s Data Loader tool to bulk export data. This was a quiet and sneaky data breach that is estimated to have affected nearly 800 organizations. The breach became public when the FBI issued a warning about two groups it had found to have stolen customer data from organizations using the Salesforce platform.

Lesson Learned
Conduct routine staff training that educates on how to verify callers and advises never to share codes over the phone. Also, organizations should always use strong authentication methods like hardware tokens or app-based multi-factor authentication.

Contractor Login Compromise

Targeted Organization
PowerSchool: SaaS for educational institutions

What Happened
Cybercriminals gained access using a login stolen from a contractor. Over 62 million student records were exposed nationwide. This included information such as names, contact details, Social Security numbers, school transportation, and medical information. An extra wrinkle in this data breach is that some of PowerSchool’s school district customers link PowerSchool data to other apps. This ripple effect encouraged users to change passwords and update linked accounts to prevent further damage.

Lesson Learned
Careful planning can reduce but will not eliminate the risk of a data breach. Human error is the leading cause of data breaches. Train all users, including third-party vendors who will work within your system, to Pause, Consider, Verify before clicking a link or giving out sensitive information.

Patient Records Exposed in Major Hospital System Breach

Targeted Organization
Yale New Haven Health System in Connecticut, New York, and Rhode Island

What Happened
A cybercriminal hacked their way into the health system’s network, causing a data breach that exposed sensitive personal information in more than 5.5 million patient records. Because health care is a 24/7 industry, the health system had to find a way to root out the cybercriminal and recover the system while keeping electronic health records systems up for staff to access.

Lesson Learned
Using a Security Information and Event Management (SIEM) software solution will provide proactive cyber threat hunting. By collecting and analyzing large amounts of network data, a SIEM solution will identify and alert administrators about potential security breaches, anomalies, and malicious activity, while helping to mitigate any potential damage.

Ransomware Attack Disrupts Major Grocer

Targeted Organization
United Natural Foods: Whole Foods Market’s main supplier of natural and organic food

What Happened
An enterprise-wide cyber event occurred, likely due to ransomware. The event exposed corporate and operational data. The result was costly network downtime which disrupted order processing and food distribution.

Lesson Learned
Cyberattacks can be costly to businesses, in more ways than one. Having a comprehensive business continuity plan can mitigate the effects of a cyber disaster.

Job Applicants Exposed in Breach Caused by Weak Admin Password

Targeted Organization
McDonald’s McHire Job Platform

What Happened
A major data breach of the AI-powered hiring platform McHire, owned by global restaurant chain McDonald’s, exposed personal data from approximately 64 million job applicants. This breach was due to a weak, long-unchanged administrative password.

Lesson Learned
Follow best practices for more effective password safety. Use complex configurations containing both upper and lower case letters, as well as numbers and symbols. Businesses should also utilize encryption and multi-factor authentication for extra protection. In addition, be sure to regularly change your password. This will help to thwart unknown cybercriminals who may have gained access to your account.

Proactive Cybersecurity Services for Every Business

At Elevity, we work closely with clients to implement proactive cybersecurity through a layered, enterprise-level approach. Leveraging 24/7 monitoring, cybersecurity experts, and a step‑by‑step risk‑mitigation strategy, we tailor defenses using best‑of‑breed tools. Leveraging our fully managed technology services, Elevity clients have access to a vCIO who can design customized security controls—ensuring ongoing protection and rapid incident response.

In today’s ever-evolving threat landscape, cyberattacks are always lurking. That’s why Elevity is constantly on the move, helping clients keep their data safe and, in the unfortunate event that a data breach occurs, mitigate the damage and repair the network.

How prepared is your organization in the event of a sneaky cyber threat or ransomware attack? Wondering if there are gaps in your current cybersecurity structure? Answer a few questions using our free Cybersecurity Risk Assessment Tool and you’ll get an instant score letting you know where you rank on the cyber preparedness spectrum.
