Hacks, Thefts, and Disruption: The Worst Data Breaches of 2025
A look back at the major cybersecurity incidents of 2025, including government breaches, ransomware attacks on corporations, and retail sector hacks.
As another year concludes, Scoopliner.com reviews the most significant cybersecurity incidents of 2025, examining the data breaches and disruptive hacks that defined the past 12 months. This year's events have revealed unprecedented levels of sophistication and impact.
Here’s a rundown of some of the most impactful security incidents of 2025:
**U.S. Federal Government Under Repeated Attack**
The U.S. government remained a prime target for cybercriminals. The year began with a bold cyberattack on the U.S. Treasury by Chinese hackers. Subsequently, multiple federal agencies were breached, including the one responsible for securing U.S. nuclear weapons; this was made possible by a vulnerability within SharePoint.
Meanwhile, Russian hackers were actively stealing sealed records from the U.S. Courts' filing system, triggering widespread concern throughout the federal judiciary.
However, the most significant incident was the DOGE breach, which impacted numerous federal government departments and databases. It became the largest raid of U.S. government data in history.
The Department of Government Efficiency (DOGE), formerly led by Elon Musk, disregarded federal protocols and standard security practices. Despite warnings about national security risks and conflicts of interest related to Musk's overseas business ventures, DOGE ransacked federal databases containing citizen data. Legal experts suggest that DOGE staffers could be held personally liable under U.S. hacking laws, pending court agreement.
Musk's public falling out with President Trump led to his departure from DOGE, leaving staffers concerned about potential federal charges without his protection.
**Ransomware Group Extorts Companies via Oracle E-Business Server Breach**
In late September, executives at major American corporations received threatening emails from the Clop ransomware group. These emails included copies of their personal information and a ransom demand to prevent its public release.
Months prior, Clop had exploited a previously unknown vulnerability in Oracle's E-Business software, which hosts core business information like financial records, HR data, supply chain details, and customer databases. This vulnerability allowed Clop to steal sensitive employee data, including executive information, from numerous organizations using Oracle's software.
Oracle was unaware of the breach until October, when it rushed to patch the vulnerability. However, the hackers had already stolen vast amounts of data from universities, hospitals, media organizations, and other entities.
This was Clop's most recent large-scale hacking campaign. The group had previously exploited vulnerabilities in enterprise file-transfer services like GoAnywhere, MOVEit, and Cleo Software, which are used by tech companies to share large files over the internet.
**Salesforce Data Breach Exposes One Billion Records**
Salesforce customers experienced a challenging year following two data breaches at downstream tech companies. These breaches resulted in the theft of one billion customer records stored in the Salesforce cloud.
The hackers targeted Salesloft and Gainsight, two companies that enable customers to manage and analyze data stored in Salesforce.
By directly breaching these companies, the hackers gained access to data through their customer connections to Salesforce. Major tech companies, including Bugcrowd, Cloudflare, Google, Proofpoint, Docusign, GitLab, LinkedIn, SonicWall, and Verizon, had data stolen in these breaches.
A hacking collective known as Scattered Lapsus$ Hunters, comprised of members from various hacking groups like ShinyHunters, created a data leak site to advertise the stolen records in exchange for ransom payments. New victims continue to emerge.
**U.K. Retail Sector Ransacked, Jaguar Land Rover Operations Disrupted**
The U.K. retail sector was heavily targeted earlier this year, with data stolen from Marks & Spencer and at least 6.5 million customer records compromised at the Co-op. These attacks caused outages and disruptions across the retailers' networks, leading to empty grocery shelves as supporting systems failed. Harrods, the luxury department store, was also later hacked.
However, a major cyberattack on Jaguar Land Rover (JLR), one of the U.K.'s largest employers, significantly impacted the national economy. A September hack and data breach halted car production for months as the company worked to restore its systems.
The disruption affected JLR's suppliers throughout the U.K., with some forced to close. The U.K. government provided a £1.5 billion bailout to ensure employees and suppliers were paid during the shutdown.
U.K. security experts deemed the breach the most economically damaging cyberattack in the country's history, highlighting that disruption can be more valuable to financially motivated hackers than stolen data.
**South Korea Suffers Months of Hacks and Data Breaches**
South Korea experienced a major data breach every month this year. The personal data of millions of citizens was compromised due to security lapses and poor data practices at the country's largest tech and phone providers.
SK Telecom, South Korea's largest phone company, was hacked, exposing 23 million customer records. Several cyberattacks were attributed to North Korea. Additionally, a data center fire destroyed years of unbacked-up Korean government data.