North America
Canadian Investment Regulatory Organization (CIRO)
Canada’s national self-regulatory body, the Canadian Investment Regulatory Organization (CIRO), revealed that hackers compromised the personal information of approximately 750,000 individuals in an August 2025 cyberattack.
Following a detailed forensic investigation, CIRO confirmed the full scope of the incident, which it first detected on August 11 and disclosed on August 18 last year. The investment watchdog said the attack, stemming from a phishing campaign, impacted its member firms and their registered employees. Exposed data includes personal information, such as annual income, dates of birth, government-issued ID numbers, phone numbers, investment account numbers, Social Insurance numbers and account statements. CIRO noted that since it does not store passwords, PINs or security questions, none of those were affected.
At this time, CIRO says it has no evidence that the compromised information has been misused or surfaced on the dark web. However, the organization stated it will continue to closely monitor for any signs of abuse or further exposure.
How it could affect your business
Phishing campaigns are becoming more convincing and harder to spot as attackers increasingly use AI to craft realistic messages and impersonate trusted entities. Once a single user is tricked, attackers can compromise the entire network and gain access to sensitive data. To reduce risk, organizations should combine user awareness training with stronger email security, multifactor authentication (MFA) and continuous monitoring for suspicious activity.
North America
Multiple MNCs
A cybercriminal compromised more than 50 multinational companies without any advanced exploit, exposing sensitive corporate and customer data across multiple industries.
According to reports, a threat actor known as Zestix (also tracked as Sentap) stole and listed the data from dozens of global enterprises for sale on the dark web. Alarmingly, the breach required no sophisticated exploitation techniques — the attacker relied entirely on valid credentials sourced from infostealer malware logs on the dark web. The affected organizations span multiple sectors and include Iberia Airlines, Burris & Macomber, Maida Health, Intecro Robotics, and Pickett & Associates. Without multifactor authentication in place, the attacker was able to log in directly to corporate file-sharing portals and freely access and exfiltrate data.
The stolen credentials were traced back to several infostealer variants, including RedLine, Lumma and Vidar. In some cases, the credentials had been exposed for years, sitting unnoticed until they were finally weaponized, highlighting how long-forgotten leaks can still lead to serious breaches.
How it could affect your business
Infostealer malware is becoming a growing threat, quietly collecting login credentials that attackers can exploit months or even years later. Once valid credentials are exposed, attackers can access corporate systems without triggering traditional security alerts, especially when multifactor authentication is not in place. Organizations should use dark web monitoring to spot exposed credentials early and enforce multifactor authentication to prevent stolen logins from being abused.
United States
Central Maine Healthcare
Central Maine Healthcare confirmed that a data breach it experienced last year compromised the personal, treatment and health insurance information of more than 145,000 patients.
The health care provider detected unusual activity within its IT network on June 1, 2025. Further investigation revealed that an unauthorized party had gained access to its environment as early as March 19, 2025. Central Maine Healthcare said the exposed data includes names, dates of birth, Social Security numbers, treatment details, provider names, dates of service and health insurance information, impacting 145,381 patients.
In response, the organization stated that it has enhanced its monitoring and alerting capabilities to help prevent similar incidents. It also advised potentially affected individuals to carefully review statements from healthcare providers and health insurance plans.
How it could affect your business
This incident shows how attackers can remain undetected inside networks for months, quietly collecting sensitive data. These “time-bomb” tactics increase the damage by allowing attackers to study systems and expand access over time. Continuous threat monitoring and timely alerting are critical to spot suspicious activity early and limit the impact before data is exposed.
Europe
AZ Monica
A Belgian general hospital network, AZ Monica, was forced to shut down all servers, cancel scheduled procedures and transfer critical patients after a cyberattack disrupted its operations.
On January 13, the hospital network experienced a serious IT outage and proactively shut down all servers across its campuses in Deurne and Antwerp. AZ Monica confirmed it launched an investigation and notified police and prosecutors, though it has not shared other details about the intrusion.
While some reports mentioned possible ransom demands, hospital officials and authorities have not yet confirmed whether ransomware was involved.
How it could affect your business
Cyberattacks on healthcare organizations are rising, driven by the value of patient data and the pressure attackers can create by disrupting care. This incident shows that breaches in healthcare do not just compromise sensitive information but also affect patient safety by forcing hospitals to cancel procedures and divert critical patients. To reduce this risk, healthcare providers need rapid threat detection and continuous monitoring to spot intrusions early and respond before disruptions spread across clinical systems.
Asia & Pacific
Kyowon
South Korean conglomerate Kyowon confirmed a ransomware attack that disrupted its operations and may have exposed customer data.
Kyowon Group, which operates across education, publishing, media and technology, detected abnormal activity in its network on January 10, 2025. The company immediately activated its incident response plan and isolated affected servers to stop the attack from spreading. Kyowon said there are signs that data may have leaked, though the full impact on customer information is still under investigation.
According to reports, the attackers gained access through an externally exposed server connected to the internet. From there, they moved into Kyowon’s internal systems, allowing ransomware to spread across multiple subsidiaries.
How it could affect your business
Defending against ransomware is a race against time. Once attackers gain access, they can move quickly, encrypt systems and bring operations to a halt before teams even realize what’s happening. Proactive monitoring is critical for detecting suspicious activity early and stopping an attack before it spreads. Just as important are encrypted, ransomware-resilient backups, which allow businesses to restore data and resume operations without paying a ransom or relying on attackers to keep their promises.


