Data Breach Report: May 2025 Edition

May 2025 was another alarming month for cybersecurity, with a surge in high-impact data breaches affecting major organizations across industries—from finance and retail to healthcare and technology. This month’s breaches underscored recurring vulnerabilities tied to third-party vendors, insider threats, and outdated software systems. Notably, Coinbase faced a major extortion attempt linked to overseas support contractors, while Marks & Spencer suffered severe disruptions from a ransomware attack believed to be connected to IT outsourcing. Healthcare giant Ascension, global beverage leader Coca-Cola, sportswear brand Adidas, and data broker LexisNexis were also among the high-profile victims. Each incident highlights the growing complexity and scale of modern data breaches—and the urgent need for resilient, vendor-aware security strategies.

Coinbase, a leading cryptocurrency exchange platform founded in 2012, serves millions of users globally by facilitating the buying, selling, and storing of digital assets like Bitcoin and Ethereum. In May 2025, Coinbase disclosed a significant data breach caused by insider threats from overseas customer support contractors, discovered after a $20 million extortion demand on May 11, 2025. The breach exposed sensitive user information, though no funds or cryptographic keys were compromised. The incident has raised concerns about third-party contractor security, with potential costs estimated at $400 million.

Scale of the Breach: 69,461 users were affected.
Type of Data Exposed: Names, contact details, partial Social Security numbers, masked banking data, and ID images were compromised.
Cause of the Breach: Insider threat from overseas customer support contractors leaking data, starting December 26, 2024.

Official Notification: https://www.coinbase.com/blog/protecting-our-customers-standing-up-to-extortionists

Marks & Spencer (M&S), a historic British retailer founded in 1884, is renowned for its clothing, food, and home products, operating over 1,400 stores globally. In May 2025, M&S suffered a major cyberattack attributed to the “Scattered Spider” group, deploying DragonForce ransomware to encrypt virtual machines and steal customer data, severely disrupting online retail systems. The breach, potentially linked to vulnerabilities in M&S’s IT outsourcing partner, Tata Consultancy Services, is expected to cause a £300 million ($400 million) profit loss, with recovery projected to extend into July 2025.

Scale of the Breach: Hundreds of thousands of customers were likely affected, though exact numbers remain unconfirmed.
Type of Data Exposed: Customer data was stolen, but no payment details or login credentials were confirmed compromised.
Cause of the Breach: A ransomware attack by the “Scattered Spider” group using DragonForce malware targeted virtual machines, possibly exploiting vulnerabilities in third-party IT systems.

Notification: https://corporate.marksandspencer.com/cyber-update

Ascension, one of the largest nonprofit healthcare systems in the United States, operates over 140 hospitals and 40 senior care facilities across 19 states, focusing on patient-centered care. In May 2025, Ascension disclosed a significant data breach involving third-party vendors, exposing sensitive patient information ideal for medical identity theft. The breach, primarily linked to a former business partner’s outdated software and a compromised cloud system, highlighted vulnerabilities in vendor security practices, impacting hundreds of thousands of individuals.

Scale of the Breach: 437,019 patients were affected by the breach.
Type of Data Exposed: Protected health information (PHI) was compromised, including data suitable for medical identity theft and fraud.
Cause of the Breach: The breach resulted from a former business partner using outdated software and vulnerabilities in a third-party vendor’s cloud system.

Notification: https://www.mass.gov/doc/2025-738-ascension-health/download

The Coca-Cola Company, a global beverage giant founded in 1886, is renowned for its iconic soft drinks and operates in over 200 countries with a vast network of bottlers and distributors. In May 2025, the Everest ransomware group claimed responsibility for a data breach targeting Coca-Cola’s Middle East operations, specifically its Dubai-based bottling partner, Coca-Cola Al Ahlia Beverages Company. After the company ignored ransom demands, hackers leaked 1,104 files containing sensitive employee data on dark web forums. The breach, reported on May 22, 2025, exposed personal and HR-related information, raising risks of identity theft and regulatory scrutiny.

Scale of the Breach: Personal data of 959 employees was exposed, primarily from Middle East operations.
Type of Data Exposed: Leaked data included full names, addresses, phone numbers, emails, banking details, salary records, passports, visas, and internal HR documents like administrative account structures.
Cause of the Breach: The Everest ransomware group infiltrated systems, likely through compromised credentials or third-party vulnerabilities, targeting a Middle East distributor.

Adidas, a German sportswear giant founded in 1949, is a leading global brand known for its athletic apparel, footwear, and accessories, operating in over 100 countries. In May 2025, Adidas disclosed a data breach where hackers accessed consumer data through a third-party customer service provider, exposing contact information of customers who had interacted with its helpdesk. The breach, reported on May 23, 2025, did not compromise financial data but raised concerns about phishing and identity theft risks. Adidas is notifying affected customers and collaborating with cybersecurity experts to investigate and mitigate the incident.

Scale of the Breach: The exact number of affected customers is undisclosed, but reports suggest 544,395 individuals, including Turkish customers, may have been impacted.
Type of Data Exposed: Compromised data primarily includes names, email addresses, phone numbers, and possibly home addresses and birthdates.
Cause of the Breach: Hackers infiltrated a third-party customer service provider’s systems, exploiting vulnerabilities to access consumer data.

Notification: https://www.adidas-group.com/en/data-security-information

LexisNexis Risk Solutions, a subsidiary of RELX founded in 1970, is a major data broker based in Alpharetta, Georgia, providing analytics and risk management services to industries like finance, insurance, and law enforcement. In May 2025, LexisNexis disclosed a significant data breach involving unauthorized access to its GitHub account, discovered on April 1, 2025, after a tip from an unknown third party. The breach, which occurred on December 25, 2024, exposed sensitive personal information of over 364,000 individuals, raising concerns about data broker security practices. LexisNexis is offering two years of free identity protection and credit monitoring to affected individuals while facing potential class-action lawsuits.

Scale of the Breach: 364,333 individuals were affected by the breach.
Type of Data Exposed: Compromised data included names, phone numbers, email and postal addresses, Social Security numbers, driver’s license numbers, and dates of birth.
Cause of the Breach: An unauthorized third party accessed data through a compromised LexisNexis GitHub account on a third-party software development platform.