Cyberattacks in 2025 affected everyday services used by millions of people, from shopping and travel to healthcare and local government. Some incidents exposed large amounts of personal information, while others disrupted services for days or weeks, preventing people from placing orders, accessing medical records, or using public websites. In many cases, the effects were felt immediately by customers, patients, and residents rather than remaining confined to internal systems.
The year also showed how interconnected digital services have become. A single attack on a supplier or technology provider was sometimes enough to disrupt multiple organisations at once, including airports, retailers, and manufacturers. Ransomware remained a common cause of disruption, but data breaches and access misuse also played a major role.
This report reviews the most significant cyberattacks reported in 2025, focusing on incidents that caused major disruption or exposed large amounts of data and had clear effects beyond internal systems.
Marks and Spencer cyberattack halts online operations
Marks and Spencer disclosed a cyber incident in April 2025 that led the company to suspend online orders across its UK and Ireland websites and mobile applications. In customer communications and investor updates, the retailer said it took systems offline as a precaution while it investigated unauthorised activity affecting parts of its digital infrastructure.
The disruption lasted several weeks, during which customers were unable to place online clothing orders. Marks and Spencer later stated that services were gradually restored following remediation work and security improvements. In subsequent financial disclosures, the company said the incident had a material impact on trading and would affect operating profit for the financial year.
The company also acknowledged that the incident involved a third-party supplier and said it was reviewing supplier access and internal controls as part of its response.
Jaguar Land Rover cyberattack disrupts manufacturing
Jaguar Land Rover confirmed a cyberattack in September 2025 that caused a significant disruption to its manufacturing operations. In statements to employees, suppliers, and investors, the company said it shut down parts of its IT environment to contain the incident, which led to temporary closures at multiple production facilities.
The company later confirmed that the disruption affected vehicle output for several weeks and placed pressure on its supply chain. Jaguar Land Rover said it worked with cybersecurity specialists and government agencies to restore systems safely and resume production.
In follow-up disclosures, the company acknowledged the financial impact of the shutdown and said it had strengthened its cyber resilience programme, particularly around operational technology systems.
Airport check-in disruptions linked to third-party systems
Several European airports experienced passenger check-in disruptions in 2025 due to a ransomware incident affecting a shared technology provider used for automated check-in services. Airport operators issued public notices stating that they had switched to manual processes while systems were unavailable.
The technology provider involved confirmed it had suffered a ransomware attack and said it isolated affected systems and had begun recovery efforts. Airport authorities stated that flight safety was not affected, but acknowledged delays and longer queues for passengers.
The incident highlighted how a cyberattack at a single supplier can affect multiple transport hubs at once, even when airport operators’ own systems remain secure.
City of St Paul shuts down systems after cyberattack
The City of St Paul, Minnesota, confirmed a major cyberattack in July 2025 that led officials to shut down many government IT systems as a precaution. In public statements, city authorities said the shutdown was necessary to protect critical infrastructure while investigators assessed the scope of the incident.
Online services, internal systems, and some administrative functions were temporarily unavailable, though emergency services continued to operate. The city later confirmed that data had been accessed and that it was working with external cybersecurity experts to restore systems securely.
Officials said the incident would have long-term costs related to recovery, system rebuilding, and security improvements.
Nevada state government closes offices following cyber incident
The Nevada state government confirmed a cyber incident in 2025 that disrupted websites, phone lines, and internal systems, leading to the temporary closure of some state offices. In official statements, state authorities said they took systems offline to prevent further impact while investigating unauthorised activity.
Emergency services remained operational, and officials said there was no indication of compromise to election systems. The state said it was working to restore services and assess whether any personal data was accessed.
The incident underscored the impact cyberattacks can have on public access to government services.
Kettering Health ransomware disrupts patient care systems
Kettering Health, an Ohio-based healthcare system, confirmed it was affected by a ransomware attack in May 2025. In updates posted to its website, the organisation said it experienced a system-wide technology outage that limited access to electronic health records and other clinical systems.
The health system said it activated emergency procedures, diverted some services, and worked to restore systems in phases. In later updates, Kettering Health confirmed that core components of its electronic health record platform were brought back online after several weeks.
The organisation stated it notified regulators and said it was reviewing security controls and incident response processes following the attack.
Coupang discloses breach affecting nearly 34 million customers
South Korean e-commerce company Coupang disclosed a major data breach in 2025 that affected approximately 33.7 million customer accounts. In a statement, the company said it discovered unauthorised access to customer information and reported the incident to national data protection authorities.
Coupang said the exposed data included names, contact details, and shipping information, but did not include passwords or payment card information. The company stated that the breach originated from unauthorised access via overseas servers and that it had blocked the access path and enhanced monitoring.
The scale of the disclosure made it one of the largest confirmed consumer data breaches of the year.
SoundCloud confirms unauthorised access to user data
SoundCloud confirmed a cybersecurity incident in 2025 that resulted in unauthorised access to user information associated with an internal service dashboard. In a statement to users, the company said the data involved included email addresses and publicly visible profile information.
SoundCloud stated that passwords and payment information were not affected and said it took steps to secure the affected systems. The company also acknowledged temporary service disruptions during containment efforts.
The incident affected an estimated tens of millions of user accounts and prompted SoundCloud to review internal access controls.
Pornhub discloses third-party analytics incident
Pornhub confirmed a cybersecurity incident involving a third-party analytics provider used by its premium services. In a public disclosure, the company said certain user information associated with analytics data may have been exposed.
Pornhub stated that its core systems were not breached and said it worked with the third-party provider to investigate the incident. The company notified affected users and said it was reviewing how third-party analytics data is collected and stored.
The incident drew attention to the sensitivity of behavioural data stored outside primary platforms.
What the 2025 incidents showed
Across the major cyberattacks disclosed in 2025, several patterns emerged. Many of the most disruptive incidents involved third-party systems, supplier access, or shared technology platforms. Others stemmed from credential misuse or insufficient segmentation between operational and administrative systems.
Data exposure remained a central risk, even when payment or authentication data was not involved. Customer contact information, behavioural data, and internal records were repeatedly targeted and disclosed. At the same time, operational disruption became more visible to the public, particularly when attacks affected shopping, travel, healthcare, or government services.
The cyberattacks of 2025 demonstrated how digital incidents can quickly translate into real-world consequences. Service outages, manufacturing delays, and restricted access to essential systems showed that cybersecurity failures increasingly affect everyday activities, not just internal networks.