Cyber attacks showed no signs of slowing down this past May 2025, with high-profile breaches and settlements making headlines. While the root causes behind many of these breaches remain undisclosed, a familiar pattern persists: insufficient access controls, third-party exposures, and delayed detection. These recurring weaknesses highlight the continued urgency for organizations to adopt zero-trust security principles—designed to prevent lateral movement, minimize damage, and detect anomalies before it’s too late.
Compiled on June 2, the following list of data breach headlines published during the month of May contains details behind the cause of the breach (if available). Source articles have been organized by cause of breach (compromised credentials, human error, ransomware, social engineering, third party data breach, and undisclosed) with articles organized in reverse chronological order.
Security Breaches Reported in May 2025
Compromised Credentials
5/28/2025
LexisNexis leaked social security numbers and other personal data of over 364000 people | The Verge
The data analytics firm LexisNexis Risk Solutions says it suffered a breach that could have exposed the names, Social Security numbers, contact information, and driver’s license numbers of over 364,000 people, as reported earlier by TechCrunch. LexisNexis spokesperson Jennifer Richman told TechCrunch that an attacker obtained the data through the firm’s GitHub account
Human Error
5/16/2025
Australian Human Rights Commission Leaks Docs in Data Breach - Dark Reading
AHRC found that the incident involved an internal mistake that allowed the unauthorized disclosure of attachments uploaded through the commission's complaint form on its website. This affected complaints filed online from March 24 to April 10, and the documents were available for public access between April 3 and April 10. A wide variety of personal information may have been caught up in the issue depending on the document, of which roughly 670 were made "accessible in error."
Ransomware
5/28/2025
Coca-Cola ignores ransom demand, hackers dump employee data - Cybernews
Coca-Cola’s name showed up on a dark web leak site run by the Everest ransomware gang on May 22nd. The hackers claimed they’d swiped personal data from 959 employees, most tied to Coca-Cola’s Middle East distributor. Everest gave the company five days to contact them and make a deal before they dumped the data. Cybernews researchers investigated the leak and found 1,104 files, including passport scans, visa copies, and IDs, most linked to employees in Bahrain and the UAE.
5/26/2025
$4.4 Million Settlement Agreed to Resolve WellNow Urgent Care Data Breach Litigation
WellNow Urgent Care (formerly Five Star Urgent Care), a network of walk-in urgent care clinics in New York, Illinois, Michigan, and Ohio, has agreed to settle a class action data breach lawsuit for $4.4 million. The lawsuit was filed in response to a cyberattack and data breach detected on or around April 25, 2023, when ransomware was used to encrypt files. The data breach also affected WellNow Urgent Care’s parent company, ADMI Corp. In total, the protected health information of approximately 597,000 individuals was compromised in the attack. The affected individuals started to be notified about the data breach in February 2024.
5/27/2025
Nationwide Recovery Service Data Breach Victim List Grows - The HIPAA Journal
The list of victims from the data breach at the debt collection agency Nationwide Recovery Service (NRS) is steadily growing, with a further six NRS clients confirming that sensitive information was stolen in the attack. NRS identified suspicious activity within its computer network in July 2024 and took steps to prevent further unauthorized access. The attack resulted in a network outage, although it has not been confirmed if ransomware was involved.
5/26/2025
Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach Nearly one month after it informed customers that it had been targeted in a cyberattack, Canadian electric utility Nova Scotia Power admitted that it has been dealing with a ransomware attack. The breach was disclosed by Nova Scotia Power and its parent company Emera on April 28, and on May 1 they admitted that hackers had stolen some customer information. The company highlighted that the incident did not cause any disruption to electricity generation, transmission and distribution facilities.
5/13/2025
M&S says some personal data was taken in cyber-attack | Marks & Spencer | The Guardian
Marks & Spencer has revealed that some personal information relating to thousands of customers was taken in the cyber-attack that has crippled its online operation for more than three weeks. The group has not been able to take any orders through its website or app since 25 April as it tries to resolve the problems caused by the attack, which has been linked to the hacking group Scattered Spider.
Social Engineering
5/17/2025
Leading crypto firm Coinbase faces up to $400m hit from cyber attack | BBC
The firm said it was contacted by hackers who claimed to have gained access to customer information, obtained by making payments to Coinbase contractors and employees. In a blog post, Coinbase said the criminals had gained access to "less than 1%" of its customer data, which they then used to impersonate the firm and trick people into handing over their crypto. The group then demanded $20m from Coinbase to keep it quiet - but it refused to pay the bribe and instead promised to pay back every person who got scammed.
Third Party Data Breach
5/28/2025
Adidas Confirms Data Breach, Customer Contact Details Exposed - PCMag
"Adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," Adidas says. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts." Details about affected data are scarce, but the company confirms it doesn't contain passwords, credit cards, or any other payment-related information.
5/12/2025
Ascension: Software Exploit Breach Affects Nearly 440,000 - GovInfoSecurity
Ascension Health is notifying nearly 440,000 patients of a compromise involving a former business partner and the exploit of a third-party software vulnerability. Ascension in its April 28 notice about the breach said that on Dec. 5, 2024, it learned that its patient information may have been involved in a potential security incident. The timing of the incident appears to line up with hundreds of Clop ransomware gang data thefts involving exploitation of a zero-day vulnerability in Cleo Communications' managed file transfer software late last year, some experts said. Ascension did not immediately respond to requests for additional details about the breach, including the type of former business partner at the center of the incident and whether an exploit of a Cleo MTF software vulnerability was involved.
Undisclosed
5/29/2025
Victoria's Secret Takes Down Website After Security Breach - The New York Times
Victoria’s Secret’s website remained offline on Thursday, days after the lingerie company was hit by a cyberattack that has disrupted its online sales and sent its stock price lower. It was unclear who perpetrated the attack on Victoria’s Secret, which is based in Reynoldsburg, Ohio.
5/28/2025
Major data hack nabs 184M passwords for Google, Apple and more: 'Cybercriminal's dream' | NY Post
The publicly accessible database contained 184,162,718 unique logins and passwords reportedly tied to email providers such as Google and a range of Microsoft products, as well as social media platforms like Facebook, Instagram and Snapchat. This leak affected everything from Apple and Google usernames and passwords and social media logins to bank accounts. The database containing the compromised passwords was ironically unencrypted and not password-protected itself, the report said. It’s unclear exactly how the data may have been compromised. The database may have been compiled via infostealer malware
5/28/2025
Cooper Health System reports data security breach | MobiHealthNews
In a notice posted on its website, the three-hospital Southern New Jersey health system said that on March 26, 2025, it learned that certain personal, protected health information was "accessed and acquired" without permission by an unknown actor around May 14, 2024. In May 2024, Cooper said that it became aware of abnormal network activity and promptly took steps to secure its systems. During the investigation, Cooper discovered that certain data stored in its systems was potentially acquired without authorization.
5/26/2025
Tiffany confirms data breach in South Korea | The Chosun Daily
Tiffany & Co. has confirmed a data breach affecting customers in South Korea, marking the second such incident involving an LVMH Moët Hennessy Louis Vuitton brand after a similar case at Dior. On May 26, Tiffany Korea notified select customers via email of a cybersecurity breach involving unauthorized access to a vendor platform used for managing customer data. No public notice regarding the breach appeared on the company’s official website at the time of reporting.
5/19/2025
'Significant amount' of private data stolen in Legal Aid hack - BBC
A "significant amount" of private data including details of domestic abuse victims has been hacked from Legal Aid's online system. The Ministry of Justice said the agency's services were hacked in April and data dating back to 2010 was downloaded. The BBC understands that more than two million pieces of information were taken.
5/14/2025
Steel giant Nucor Corporation facing disruptions after cyberattack - Bleeping Computer
A cybersecurity incident on Nucor Corporation's systems, the largest steel producer in the U.S., forced the company to take offline parts of its networks and implement containment measures. “Nucor Corporation recently identified a cybersecurity incident involving unauthorized third party access to certain information technology systems used by the Company,” reads the SEC filing. No details about the date or type of the attack were provided, so it’s unknown if the incident involved data theft or encryption.
5/12/2025
Alabama IT Office Probing 'Significant Security Breach' - GovTech
The state of Alabama’s Office of Information Technology reported a “significant security breach” that has affected systems across the state. “Investigations are also underway to understand the full scope of the event, and while some state employee usernames and passwords were compromised, it is currently believed that no Alabamian’s personally identifiable information has been retrieved.”
5/9/2025
160,000 Impacted by Valsoft Data Breach | Security Week
VMS firm Valsoft Corporation says the personal information of over 160,000 people was compromised in a February 2025 data breach. The incident, discovered on February 14, involved unauthorized access to a non-production network of AllTrust subsidiary Aspire USA. “Aspire’s internal security team identified an in-progress file transfer which they were able to interrupt mid-transfer,” the company says in a notification letter to the impacted individuals.
5/12/2025
Security Firm Andy Frain Says 100000 People Impacted by Ransomware Attack | Security Week
Illinois-based physical security company Andy Frain Services revealed on Friday that a data breach suffered last year impacts more than 100,000 people. The data breach notification letter sent by the company to impacted individuals does not contain any technical details on the incident and it’s unclear exactly what type of information has been compromised. The Black Basta ransomware group took credit for the Andy Frain hack in November 2024, claiming to have stolen 750 Gb of files, including ones related to accounting, HR, and legal departments.
5/13/2025
Netgain Technology Agrees to $1.9 Million Settlement to Resolve Data Breach Litigation | HIPAA Journal
Netgain Technology has agreed to settle consumer data breach litigation filed in response to a 2020 ransomware attack and data breach. Netgain will establish a $1.9 million settlement fund to cover claims from class members. A ransomware group gained access to Netgain’s environment between September and December 2020 and deployed ransomware on November 24, 2020.
5/13/2025
Dior apologizes for Chinese customer data breach - Shanghai Daily
According to text messages Dior sent to some of its Chinese customers on Monday, it said that it detected unauthorized access attempts to its customer database by an external party on May 7, 2025. The company said it immediately took steps to contain the breach and launched an investigation with the help of cybersecurity experts.
Access Control Matters
May’s breach headlines offer another clear reminder: attackers aren’t slowing down, and outdated defenses continue to leave organizations exposed. Most breaches don’t rely on sophisticated zero-day exploits—they succeed because of neglected security basics: excessive trust, poor segmentation, and lack of visibility. When access is granted broadly and retained indefinitely, it’s only a matter of time before attackers take advantage.
To mitigate this risk, organizations must prioritize real-time, context-aware security controls. That means adopting zero-trust strategies that continuously verify access requests based on who’s asking, where they’re coming from, what device they’re using, and why they need access.
Pomerium is built for this environment. As a zero-trust reverse proxy grounded in continuous verification, Pomerium enables secure, identity-aware access to internal applications—without relying on a VPN. It’s how companies transition from reactive defenses to resilient, modern security architectures—before the next breach makes the news.
Try Pomerium Today.
