Major Cyber Attacks, Ransomware Incidents and Data Breaches of June 2025
Cyber threats continue to evolve with increasing sophistication
United Natural Foods, North Face, Cartier, Zoom Car, Episource, WestJet, The Washington Post. What do they have in common? All fell victim to cyber crime in June 2025, exposing sensitive data and disrupting operations.
From unauthorized access to internal systems to major disruptions in operations, the impact of June's cyber incidents has been as damaging as ever. Millions of customer and employee accounts were breached, exposing sensitive personal information across multiple industries.
Ransomware Attacks in June 2025
Ransomware continues to be one of the most disruptive cyber threats, with several high-profile attacks last month:
| Date | Victim | Summary | Source |
|---|---|---|---|
| June 01, 2025 | Durant (OK), Lorain County (OH), and Puerto Rico's Justice Department | Ransomware attacks disrupted critical services for thousands across multiple government entities | The Record |
| June 04, 2025 | Lee Enterprises | Newspaper giant says nearly 40,000 Social Security numbers leaked in Qilin ransomware attack | The Record |
| June 05, 2025 | Kettering Health | Interlock ransomware attack disrupted 14 hospitals, forcing procedure cancellations | The Record |
| June 22, 2025 | McLaren Health Care | Data of 743,000 stolen in ransomware attack linked to INC group | Bleeping Computer |
Data Breaches in June 2025
Significant data breaches exposed millions of records across various sectors:
| Date | Victim | Summary | Source |
|---|---|---|---|
| June 02, 2025 | North Face | Nearly 3,000 customer accounts breached via credential stuffing attack | The Record |
| June 16, 2025 | Zoom Car | 8.4 million affected by data breach at Indian car share company | The Record |
| June 17, 2025 | Episource | Healthcare tech firm breach exposed data of 5.4 million individuals | Bleeping Computer |
Notable Cyber Attacks
Other significant cyber incidents from June 2025:
| Date | Victim | Summary | Source |
|---|---|---|---|
| June 05, 2025 | United Natural Foods | Cyber attack forced systems offline, disrupting distribution | The Record |
| June 15, 2025 | The Washington Post | Journalists' email accounts compromised in targeted attack | Bleeping Computer |
| June 17, 2025 | Iran's Bank Sepah | Pro-Israel hackers claimed breach amid military escalation | The Record |
Critical Vulnerabilities Patched
Major vulnerabilities discovered and patched in June 2025:
| Date | CVE | Summary | Source |
|---|---|---|---|
| June 02, 2025 | CVE-2025-21479 | Qualcomm patches zero-day in Adreno GPU driver | Bleeping Computer |
| June 10, 2025 | CVE-2025-33053 | Microsoft patches WebDAV zero-day exploited by APT groups | Bleeping Computer |
| June 25, 2025 | CVE-2025-6543 | Citrix warns of active exploitation causing DoS condition | Bleeping Computer |
Key Threat Intelligence Reports
Important advisories and analysis from June:
- Play ransomware gang has targeted over 900 organizations since 2022 (FBI)
- AI called a "data-breach time-bomb" with 99% of organizations exposing sensitive data (Varonis)
- Scattered Spider expands targeting to aviation after insurance and retail sectors
- North Korea's BlueNoroff APT using deepfake videos in macOS malware attacks
Critical Insight
The writing on the wall is clear. Preparedness against cyber crime and building cyber resilience is an urgent priority for every business. Organizations must combine the right tools with comprehensive incident response planning and regular cyber tabletop exercises to protect their brand and customer trust.