April 2025 marked a critical period for cyber incidents, with a series of high-profile breaches affecting major enterprises and government entities worldwide. The continued prevalence of ransomware, phishing, and cloud vulnerabilities underscores the importance of holistic cybersecurity frameworks and swift incident response mechanisms. This report documents ten significant incidents that occurred during the month, providing insights into tactics used and potential mitigations.
1. Marks & Spencer (UK) – Ransomware Attack
British retail giant Marks & Spencer was severely impacted by a ransomware attack reportedly executed by the group known as Scattered Spider. The breach disrupted multiple business operations, including online sales, in-store contactless payments, and click-and-collect services. The attack is believed to have been facilitated through a third-party service provider, exposing weaknesses in supply chain management. The financial repercussions were significant, with the company losing over £700 million in market value. The incident serves as a stark reminder of the cascading effects of vendor compromise.
- Threat Actor: Scattered Spider
- Impact: £700M market value loss; service disruptions
- Attack Vector: Third-party vendor compromise
- Affected Services: Online store, payment systems, logistics
Source: Reuters
2. Co-op Group (UK) – Data Breach
The Co-op Group, a major UK retailer, experienced a data breach claimed by the hacking group DragonForce. The attackers accessed personal data belonging to up to 20 million customers and employees, although no passwords or payment information were compromised. The intrusion focused on the membership scheme and internal corporate systems. This breach exemplifies how threat actors are increasingly targeting aggregated customer data for use in identity theft or further social engineering campaigns.
- Threat Actor: DragonForce
- Impact: Data exposure for 20 million individuals
- Data Compromised: Names, contact details
- Entry Point: Internal systems
Source: The Times
3. Harrods (UK) – Cyberattack
Luxury department store Harrods was also affected in the wave of attacks targeting UK-based retail entities. While technical details remain sparse, the UK government cited the incident as evidence of growing cybersecurity risks and urged companies to treat digital protection as a business-critical priority. The attack likely leveraged vulnerabilities in Harrods’ digital infrastructure or supply chain, highlighting the persistent risk of lateral movement within high-value networks.
- Threat Actor: Unconfirmed
- Impact: Disruption; national warning issued
- Sector: Luxury retail
- Security Response: Increased government oversight
Source: Al Jazeera
4. Oracle Cloud – Data Exposure Incident
Oracle Cloud reportedly suffered a breach that led to the potential exposure of millions of files stored in its infrastructure. While the full scope is still under investigation, initial assessments suggest misconfigured cloud permissions or API vulnerabilities may have been exploited. The incident reignited concerns over the security of cloud-based platforms and emphasized the importance of adhering to secure configuration baselines and monitoring practices.
- Platform Affected: Oracle Cloud
- Impact: Potential exposure of millions of files
- Root Cause: Misconfigured cloud settings suspected
- Security Focus: Cloud configuration hygiene
Source: swktech
5. Office of the Comptroller of the Currency (USA) – Email Compromise
In a highly sensitive breach, attackers accessed the email accounts of over 100 employees of the U.S. Office of the Comptroller of the Currency (OCC). The breach lasted for nearly a year and involved the unauthorized viewing of over 150,000 emails, many containing regulatory data and information from U.S. financial institutions. The attackers reportedly used compromised administrator credentials, underscoring the need for strict privileged access management and email security controls in regulatory agencies.
- Entity Affected: U.S. OCC
- Impact: Compromise of 103 email accounts; 150,000 emails accessed
- Method: Compromised administrator credentials
- Data Exposed: Regulatory and financial institution information
Source: CSIS
6. Hertz (USA) – Customer Data Breach
Car rental company Hertz disclosed a data breach in April that affected an undisclosed number of customers. The attackers gained access to sensitive personal and financial information, though the company has not yet confirmed the origin or mechanism of the breach. The incident is another illustration of the critical need for secure storage and encryption of customer data, especially in service sectors where large amounts of PII are handled daily.
- Company: Hertz
- Impact: Exposure of personal and financial data
- Status: Investigation ongoing
- Security Recommendation: Stronger encryption and monitoring systems
Source: Medium
7. Phishing Attacks on Email Marketing Platforms
A sophisticated phishing campaign targeted several major email marketing platforms, including Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho. These platforms were compromised and used to send malicious emails, exploiting the trust their domains typically carry with recipients. The attackers leveraged compromised credentials and insufficient internal detection mechanisms to operate undetected for a period. This breach illustrates how attackers can use legitimate communication channels to distribute malware or steal user data.
- Platforms Targeted: Mailchimp, SendGrid, HubSpot, Mailgun, Zoho
- Impact: Widespread phishing and malware distribution
- Attack Vector: Credential compromise
- Risk Level: High for organizations relying on email campaigns
Source: CM-Alliance
8. Lafayette Federal Credit Union (USA) – MOVEit Vulnerability Exploitation
Lafayette Federal Credit Union became another victim of the MOVEit Transfer vulnerability, which was widely exploited by threat actors throughout the month. The breach resulted in the exposure of sensitive information for more than 75,000 individuals, including names, Social Security numbers, and banking details. This incident is part of a broader trend of targeting third-party software components, and it reinforces the importance of immediate patching and third-party risk assessment.
- Exploit Used: MOVEit vulnerability
- Data Compromised: PII of 75,000+ individuals
- Vulnerable Component: Third-party file transfer tool
- Mitigation: Patch management and vendor risk review
Source: LinkedIn
9. Ontario Public Service Employees Union (Canada) – Data Breach
The Ontario Public Service Employees Union (OPSEU) reported a cyberattack that potentially exposed the personal data of its members. Though details of the attack remain limited, initial reports suggest that internal systems were accessed unlawfully, prompting widespread concern over the digital security posture of labor organizations. This breach has intensified calls for better cyber hygiene and data protection strategies in nonprofit and union-operated systems.
- Victim: OPSEU
- Impact: Potential exposure of union member data
- Attack Type: Unauthorized system access
- Sector Risk: High for public and nonprofit sectors
Source: KonBriefing
10. 4chan – Source Code and Credential Leak
In an unusual but impactful attack, the controversial imageboard 4chan was breached by an individual affiliated with a rival website. The attacker gained unauthorized access to source code and user login credentials, which were subsequently leaked. The breach raises broader questions about the security of niche forums and the potential for abuse when such data is exposed publicly. It also highlights the vulnerability of legacy systems with limited monitoring and modernization.
- Target: 4chan
- Impact: Leak of source code and user credentials
- Attacker Profile: Rival forum user
- Security Concern: Legacy systems and poor access control
Source: Firstpost
As demonstrated by the diverse and disruptive nature of this month’s cyber incidents, no sector is immune to the growing sophistication of cyber threats. From supply chain compromises to nation-state-level espionage and opportunistic data breaches, the landscape continues to evolve rapidly.
Organizations must remain proactive—investing in threat detection, workforce training, secure architecture, and rapid incident response capabilities. Cyber resilience is not achieved through technology alone but through a culture of continuous vigilance, cross-sector collaboration, and strategic risk management.
By: Cybersecurity Expert Team, Complaint Hub