Summary
- Total number of incidents disclosed: 20
- Total number of confirmed records breached: 21,227,208
Welcome to another monthly round-up of monthly cyber attack and data breach news. October 2025 saw 20 publicly reported cyber attacks and data breaches around the globe. In total, at least 21.2 million records were confirmed to have breached
As ever, these are the incidents that made the news this month – the list is, by necessity, far from exhaustive.
The month’s five largest incidents
- Records affected: about 17,600,000
- Data: names, addresses, dates of birth, Social Security numbers, stated income
- Cause: unauthorised access via compromised administrative credentials
- Status: confirmed
- Records affected: 3.5 million merchants; 16 million customers (potentially)
- Data: live order metadata, customer names, phone numbers, email/home addresses, purchased items; exposed API keys/tokens for payment gateways
- Cause: Cloud misconfiguration (unprotected Apache Kafka stream)
- Status: confirmed (scale potentially exposed; precise totals unverified)
Allianz Life Insurance Company of North America
- Records affected: 1,497,036
- Data: names, addresses, dates of birth, Social Security numbers
- Cause: third-party breach of a Cloud CRM platform (supply-chain)
- Status: confirmed
- Records affected: 1,200,000
- Data: personal identifiers including names, birth dates, addresses, ID details, loyalty information
- Cause: social-engineering-led intrusion leading to data theft
- Status: confirmed
- Records affected: 766,670
- Data: names, contact details, dates of birth, Social Security and driver’s licence numbers
- Cause: ransomware with exfiltration (PEAR group)
- Status: confirmed
Trends in October 2025
- Third-party risk remained the most common breach vector – Cloud CRMs, billing partners and outsourced support vendors drove several disclosures.
- Oracle EBS zero-day extortion persisted, with confirmed limited impacts at universities and airlines, plus broader but unverified campaign claims.
- Ransomware with data theft continued to feature, though several victims reported unknown or non-consumer data impacts.
- Large-scale exposures from misconfiguration resurfaced, with a single unsecured data stream potentially exposing tens of millions of customer events.
- Mixed evidence: multiple organisations reported intrusions but “no evidence of data theft”, apparently reflecting tighter detection but a more cautious approach to disclosure.
Key vulnerabilities exploited
- Oracle E-Business Suite zero-day exploited at scale in extortion campaigns.
- Cloud/service-provider weaknesses including unsecured data streams and third-party platform breaches.
- Credential compromise of administrative accounts enabling database access.
- Email account takeovers resulting in PHI exposure in healthcare.
- Source-code platform compromise (self-hosted GitLab) enabling mass repository exfiltration.
List of data breaches and cyber attacks disclosed in October 2025
| Disclosure date | Organisation | Country | Sector | Incident type | Records affected |
| 01 October 2025 | WestJet | Canada | Transportation (Aviation) | Cyber attack (social engineering→data breach) | 1,200,000 |
| 02 October 2025 | Allianz Life Insurance Company of North America | USA | Finance (Insurance) | Third-party breach (cloud CRM) | 1,497,036 |
| 02 October 2025 | Motility Software Solutions | USA | Technology (Automotive SaaS) | Ransomware (data theft & extortion) | 766,670 |
| 02 October 2025 | Oracle E-Business Suite (multiple orgs) | Global | Cross-industry | Extortion campaign (Oracle EBS zero-day) | Unknown |
| 02 October 2025 | Red Hat Consulting | USA | Technology (IT Services) | Data breach (GitLab compromise, source-code/data exfiltration) | Unknown (about 570 GB) |
| 07 October 2025 | Williams & Connolly | USA | Legal services | Cyber attack (email account compromise) | Unknown |
| 07 October 2025 | Discord | USA | Technology (Social platform) | Third-party breach (support vendor) | About 70,000 |
| 13 October 2025 | Nintendo Co. Ltd. | Japan | Technology (Gaming) | Claimed breach (disputed) | Unknown |
| 13 October 2025 | Harvard University | USA | Education | Vulnerability exploitation (Oracle EBS zero-day) | Unknown |
| 15 October 2025 | Jewett-Cameron Trading Co. | USA | Manufacturing | Ransomware (data theft & encryption) | Unknown |
| 16 October 2025 | Sotheby’s | USA | Retail (Auction) | Data breach (employee PII) | Unknown (employees only) |
| 17 October 2025 | Verisure/Alert Alarm | Sweden | Security services | Third-party data breach (billing partner) | About 35,000 |
| 17 October 2025 | Envoy Air (American Airlines) | USA | Transportation (Airline) | Cyber attack (Oracle EBS zero-day extortion campaign) | Unknown (no sensitive data) |
| 20 October 2025 | Prosper Marketplace | USA | Finance (Fintech lending) | Unauthorised access (admin credentials) | About 17,600,000 |
| 21 October 2025 | Radiologic Medical Services, P.C. | USA | Healthcare (Radiology) | Email account breach (PHI exposure) | 56,902 |
| 21 October 2025 | Dodo/iPrimus (Vocus) | Australia | Telecommunications | Account compromise (email→SIM swapping) | 1,600 emails + 34 SIMs |
| 21 October 2025 | Dukaan | India | Technology (E-commerce) | Cloud misconfiguration (unsecured data stream) | 3,500,000 merchants; 16,000,000 customers (potentially) |
| 23 October 2025 | Toys “R” Us Canada | Canada | Retail (Consumer toys) | Data breach (data leaked online) | Unknown |
| 27 October 2025 | GCash (G-Xchange) | Philippines | Finance (Mobile payments) | Alleged data leak (dark-web sale) | Unknown (“millions” claimed) |
| 29 October 2025 | Ribbon Communications | USA | Telecom (Network equipment) | Cyber espionage (nation-state APT intrusion) | Unknown |
Discover your vulnerabilities before attackers do
To avoid falling victim to cyber attacks, it’s critical to understand where you are most vulnerable to attack. Then you can close any security gaps before it’s too late.
Don’t leave your vulnerabilities to chance. Collaborate with a team that understands your risks and delivers actionable solutions.
Contact our penetration testing experts today to discuss your security needs.
The post Global Data Breaches and Cyber Attacks in October 2025 – At Least 21.2 Million Breached Records appeared first on IT Governance Blog.
