Weekly Cybersecurity Report | Week 17, 2025

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Weekly Cybersecurity Report | Week 17, 2025

 

Information security updates and events from the past week

1 – Marks & Spencer chain deals with cyber incident affecting order collection service

British retail giant Marks & Spencer (M&S) has informed the London Stock Exchange that it has been dealing with a cyber incident over the past few days, without providing specific details about the nature of the incident or its exact date.

Incident details:

– A message to customers said that the Click & Collect service (online ordering and in-store collection) had been affected

– CEO Stuart Machine stressed: “Our stores remain open, and the website and app are operating as normal”

– The retailer reported that “minor and temporary changes” were made to store operations to protect customers and the business

– The company notified the National Cyber ​​Security Centre (NCSC) and the Information Commissioner’s Office (ICO)

– External experts were brought in to help manage the incident

Public reactions:

– Users on social media have been reporting problems since Saturday

– The problems included product returns not being available

– Customers reported instances where Click & Collect orders arrived at the store, but staff were unable to deliver them due to technical difficulties

Marks & Spencer did not provide information on the nature of the incident, or the security measures taken.

https://www.londonstockexchange.com/news-article/MKS/cyber-incident-update/16999905

2 – Entertainment services giant Legends International reveals data leak

Entertainment website management company Legends International announced that it suffered a data breach in November 2024, which affected employees and people who visited the websites it manages.

Incident details:

– The company detected unauthorized activity on its IT systems on November 9, 2024

– The investigation, conducted with the assistance of external cybersecurity experts, confirmed that the hackers extracted personal information files

– In the notification letter it shared with the authorities, the company did not specify the types of information that was given.

– The company is offering victims 24 months of coverage for identity theft detection services through Experian

– Victims can sign up for the service until July 31, 2025

About Legends International:

– Sports and entertainment services company Global provider of website design, sales, partnerships, hosting, products and technology solutions

– Annual revenue of over $1.1 billion

– Manages over 350 sites on five continents, including SoFi Stadium in Los Angeles, One World Observatory in New York, AT&T Stadium in Texas, Santiago Bernabeu and Camp Nou stadiums in Spain, and Anfield and OVO Arena Wembley in the UK

– Recently expanded its operations with the acquisition of ASM Global, a leading website management company with a global presence

Response measures:

– The company states that security measures were already in place before the incident

– Additional measures were implemented when the systems were restored from the cyberattack

– No specific details were given about existing or new security measures

– The company states that there is no evidence of misuse of personal information because of the incident, but advises victims to remain vigilant

The extent of the data breach and the number of people exposed are not yet known. It is known but given the size of the company’s operations and the amount of sensitive information it manages, there is reason for concern. As for this writing, no ransomware group has claimed responsibility for the attack.

 

3 – Health insurance company Blue Shield of California reports the exposure of information from 4.7 million policyholders, following an incorrect configuration of Google Analytics on the company’s websites.

 

The incident occurred between April 2021 and January 2024, during which details such as the insured’s name, type and date of medical service, geographic location, gender, information about doctor searches, and more were exposed.

The company emphasizes that no ID numbers, bank details, or credit cards were exposed.

 

4 – The website of Taiwanese shipping company Wan Hai was unexpectedly shut down over the weekend – because of a cyber-attack on its information systems.

The company reported on the Taiwan Stock Exchange, but did not disclose who was behind the attack or what information was stolen.

 

5 – Massachusetts healthcare provider Onsite Mammography notifies more than 350,000 people that their personal and health information was compromised in a data breach.

The incident was discovered in October 2024 and involved unauthorized access to an employee’s email account, the company said in a notification letter sent to affected individuals.

Some of the emails in the compromised account’s inbox, onsite said, exposed personally identifiable information (PII) and protected health information (PHI).

A review of the exposed information completed in February 2025 determined that names, Social Security numbers, dates of birth, driver’s license numbers, credit card numbers and medical information such as mental and physical health or condition, and treatment information received were compromised.

 

6 – Two healthcare organizations hit by ransomware, confirm data breaches impacting more than 100,000 customers

One of them is Milwaukee, Bell Ambulance, which provides ambulance services. The company disclosed last week in a security advisory that it detected a breach on February 13, 2025.

An investigation showed that hackers gained access to files containing information such as name, date of birth, SSN, driver’s license number, financial information, medical and health insurance information.

Bell did not say in its public statement how many people were affected, but a review of the data breaches by the Department of Health and Human Services (HHS) revealed on Monday that 114,000 people were affected.

The Medusa ransomware group announced the Bell Ambulance hack in early March, claiming to have stolen more than 200 gigabytes of data from its systems.

The second healthcare organization to confirm a data breach affecting more than 100,000 people is Birmingham-based eye clinic Alabama Ophthalmology Associates.

Alabama Ophthalmology Associates disclosed on April 10 that the personal and protected health information (PHI) of current and former patients was compromised. This includes names, addresses, dates of birth, driver’s license information, SSNs, medical information, and health insurance information.

The organization identified a network breach on January 30th and an investigation showed that hackers had had access to its systems since January 22nd.

 

The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.