Summary
- Total number of incidents disclosed: 30
- Total number of known breached records: over 17,300,000
Welcome to another monthly round-up of monthly cyber attack and data breach news. At least 30 publicly disclosed incidents came to light in August 2025 across the finance, healthcare, telecoms, government, retail, education and technology sectors.
Based on disclosures with usable figures, more than 17.3 million records were confirmed to have been breached this month. The actual figure is likely to be higher, given that several incidents did not release exact numbers but involved large datasets.
Top three sources of breached data
- Bouygues Telecom – 6.4 million French telecom customers’ data, including bank account numbers, exposed in a July attack disclosed in August.
- Salesforce supply-chain campaign – At least 5.6 million records stolen across multiple organisations, including TransUnion (4.46m) and Farmers Insurance (1.1m), plus exposures at Google, Cisco, Pandora, Chanel, Workday and Air France–KLM.
- DaVita Inc. – almost 2.7 million patients’ medical and insurance data stolen in a March ransomware attack, publicly confirmed in August.
Top 5 incidents by number of records affected
- Records affected: 6.4 million
- Data: Contact details, contract information, IBAN bank account numbers
- Cause: Ransomware attack and data exfiltration by a criminal group
- Status: Confirmed; systems secured; regulators and clients notified
Salesforce supply-chain campaign (multiple victims)
- Records affected: At least 5.6 million confirmed (4.46m at TransUnion, 1.1m at Farmers Insurance, plus exposures at Google, Cisco, Pandora, Chanel, Workday and Air France–KLM)
- Data: Business contact details and customer PII, including names, addresses, dates of birth, driver’s licence numbers and, in TransUnion’s case, unredacted Social Security numbers
- Cause: OAuth token theft at Salesloft/Drift exploited by the ShinyHunters/Scattered Spider group to infiltrate Salesforce instances across multiple organisations
- Status: Confirmed; victims disclosed incidents individually; investigation continues
- Records affected: 2.7 million
- Data: Names, addresses, dates of birth, Social Security numbers, medical diagnoses and treatments, insurance details
- Cause: Ransomware intrusion (March–April); attackers exfiltrated and encrypted data
- Status: Confirmed; BlackCat/ALPHV suspected; disclosure on 22 August
- Records affected: 868,969
- Data: Social Security numbers, contact details, academic records, financial aid data, health insurance information
- Cause: May 2025 hack of university systems by an unknown threat actor
- Status: Confirmed; disclosure 7 August; credit monitoring offered
- Records affected: 850,000
- Data: Full names, telephone numbers, SIM card numbers, PUK codes, tariff plans
- Cause: July network breach of telecom systems
- Status: Confirmed; disclosure 20 August; regulator notified
Trends in August 2025
- Salesforce supply-chain campaign dominates: The ShinyHunters/Scattered Spider-linked campaign against Salesforce environments hit major firms including Google, Cisco, Farmers Insurance, Pandora, Chanel, Workday and TransUnion.
- Telecoms under pressure: Bouygues Telecom and Orange Belgium reported large breaches affecting millions of customers, following July’s Orange France incident.
- Healthcare remains a prime target: DaVita (2.7 million patients) and Healthcare Services Group (624,000 individuals) underscore the persistent risk to health data.
- Education and research exposed: Columbia University disclosed nearly 870k records; the Italian hotel ID leak showed how guest verification processes can be exploited.
- Government services disrupted: The US Federal Judiciary, Canada’s House of Commons and Maryland’s MTA all reported serious cyber attacks impacting sensitive systems.
Key vulnerabilities exploited
- OAuth/SaaS integrations: The Salesloft breach enabled attackers to pivot into multiple Salesforce environments (TransUnion, Farmers, Google Ads, etc.).
- SharePoint zero-day: CVE-2025-53770 exploited in the Canada House of Commons breach and the Colt Technology Services attack.
- Ransomware and exfiltration: Groups such as ALPHV/BlackCat (DaVita) and Qilin (Nissan Creative Box) used combined encryption and theft strategies.
- Cloud misconfigurations and third-party risks: Pi-hole (donor emails exposed via WordPress plugin flaw) and Auchan (loyalty programme) highlight supply-chain weaknesses.
- Hacktivism and geopolitics: Cyber Anarchy Squad (Russia) and Iranian-aligned groups (Israel’s Internet Rimon) demonstrated continuing hacktivist and state-backed activity.
List of data breaches and cyber attacks disclosed in August 2025
| Disclosure date | Organisation | Country | Sector | Incident type | Records affected |
| 01 August 2025 | Pi-hole Project | Global | Software (Ad-blocking) | Data breach (exposed donor info via plugin vulnerability) | 30,000 |
| 01 August 2025 | Cycle & Carriage Singapore | Singapore | Automotive | Data breach (unauthorised CRM access, data exfiltration) | 147,000 |
| 01 August 2025 | Genoa Community Hospital | USA | Healthcare | Data breach (email account compromise) | Unknown |
| 04 August 2025 | Chanel | France | Retail (Fashion) | Data breach (Salesforce CRM compromise via vishing) | Unknown |
| 05 August 2025 | Cisco Systems | USA | Technology | Data breach (vishing-led CRM account compromise) | Unknown |
| 05 August 2025 | Public Broadcasting Service (PBS) | USA | Media | Data breach (internal data leak by insider) | 3,997 |
| 05 August 2025 | Pandora | Denmark | Retail | Data breach (Salesforce CRM compromise via OAuth abuse) | Unknown |
| 05 August 2025 | Google (Ads CRM) | USA | Technology | Data breach (Salesforce CRM compromise via vishing) | Unknown |
| 06 August 2025 | Air France–KLM | France, Netherlands | Aviation | Data breach (third-party customer service system hack) | Unknown |
| 07 August 2025 | Bouygues Telecom | France | Telecom | Cyber attack (ransomware – data theft) | 6,400,000 |
| 07 August 2025 | Columbia University | USA | Education | Data breach (network hack, data theft) | 868,969 |
| 08 August 2025 | US Federal Judiciary | USA | Government (Judiciary) | Cyber attack (breach of court document system) | Unknown |
| 10 August 2025 | Connex Credit Union | USA | Financial | Data breach (unauthorized system access, data theft) | 172,000 |
| 12 August 2025 | Manpower (Lansing franchise) | USA | Staffing/HR | Data breach (ransomware attack – data theft) | 144,189 |
| 13 August 2025 | Multiple Italian Hotels | Italy | Hospitality | Data breach (booking system hacks, identity data theft) | ~90,000 (ID scans) |
| 14 August 2025 | Canada House of Commons | Canada | Government | Cyber attack (SharePoint 0-day exploit, data theft) | Unknown |
| 18 August 2025 | Workday, Inc. | USA | Technology (HR software) | Data breach (third-party CRM compromise via social engineering) | Unknown |
| 18 August 2025 | Bragg Gaming Group | Canada | Online Gaming | Cyber attack (unauthorized access to IT systems) | Unknown (internal data only) |
| 19 August 2025 | Business Council of New York State | USA | Non-profit (Business org) | Data breach (network hack, data theft) | 47,329 |
| 20 August 2025 | Orange Belgium | Belgium | Telecom | Data breach (internal systems breach, data theft) | 850,000 |
| 20 August 2025 | Investment Projects (Russia) | Russia | Finance (Investment platform) | Cyber attack (hacktivist breach, data leak) | Unknown |
| 21 August 2025 | Colt Technology Services | UK | Telecom | Cyber attack (ransomware – data theft, service outage) | Unknown (up to 1M documents) |
| 22 August 2025 | DaVita Inc. | USA | Healthcare | Data breach (ransomware – patient data theft) | 2,700,000 |
| 24 August 2025 | Internet Rimon | Israel | Telecom (ISP) | Cyber attack (nation-state hack, service disruption) | Unknown (service disrupted) |
| 25 August 2025 | Farmers Insurance | USA | Insurance | Data breach (third-party CRM compromise – data theft) | 1,100,000 |
| 25 August 2025 | Auchan (retail) | France | Retail | Data breach (loyalty program database hack) | “Several hundred thousand” |
| 25 August 2025 | Nissan (Creative Box) | Japan | Automotive | Data breach (ransomware – IP theft) | Unknown (4 TB of data) |
| 25 August 2025 | Maryland Transit Admin-istration | USA | Transport-ation | Cyber attack (IT outage – transit scheduling system) | Unknown |
| 26 August 2025 | Healthcare Services Group (HSG) | USA | Healthcare support | Data breach (network intrusion, data theft) | 624,000 |
| 26 August 2025 | Salesloft, Inc. | USA | Cloud software | Supply-chain attack (OAuth token theft enabling data breaches) | Unknown |
| 28 August 2025 | TransUnion LLC | USA | Financial (Credit bureau) | Data breach (Salesforce supply-chain attack – data theft) | 4,461,511 |
| 28 August 2025 | MathWorks | USA | Software (Engineering) | Data breach (ransomware – internal systems) | 10,476 |
Discover your vulnerabilities before attackers do
To avoid falling victim to cyber attacks, it’s critical to understand where you are most vulnerable to attack. Then you can close any security gaps before it’s too late.
Don’t leave your vulnerabilities to chance. Collaborate with a team that understands your risks and delivers actionable solutions.
Contact our penetration testing experts today to discuss your security needs.
The post Global Data Breaches and Cyber Attacks in August 2025: over 17.3 million records exposed appeared first on IT Governance Blog.
