The Litany Of The Hacked: Are You Next?

Marks & Spencer. Coinbase. United Healthcare. US Departments of Commerce and Treasury. GrubHub. Microsoft 365 accounts. The National Assembly of Ecuador. My dentist.

This is the litany of the hacked, the partial list of entities that have been successfully hacked by cyberthieves in the recent past.

Is your prospect on the list? Are you on the list?

If your company, or your prospect's company, is not taking cybersecurity risk management seriously, this creates another opportunity for thieves to push the company into the litany.

The doors used by cyber-attackers differ. This is why subscribing to one service, or relying on what you did a few years ago, or annual spam email training, does not work.

One of my favorites is the Coinbase attack from May 2025. Apparently the attackers bribed non-US contractors and associates to give them just enough access to gain crypto account information on Coinbase's customers. Tens of millions of dollars were lost. In contrast, my dentist and Marks & Spencer both lost customer information through a point-of-service credit card hack. Marks & Spencer lost around £300 million in April 2025 and won't have full functionality until June 2025.

I fired my dentist.

Here's a bonus mention. The 2025 Cannes Film Festival was blacked out due to, it is suspected, arson that destroyed a power substation. While this is the most different attack among the litany here, it is consistent with an unanticipated cyber incident -- much like the Iberian day-long blackout in April 2025 and the Heathrow Airport fire in 2025 which, as we noted, was made more likely by a (bogus) "cost-benefit analysis." Remember: cybersecurity is a system; it is not strictly about server configurations and it should not be the default from a cost-savings perspective. 

In each recent case the attackers used different approaches. The implication for you is that you cannot rely on one single cybersecurity approach, instead you need to have an agile, adaptive, provable system.

No matter where your organization or prospect is on the CISO continuum, you must have these practices:

• adopt the best cybersecurity risk management model
• practice cybersecurity risk management as relationship management
• constantly prove that your risk management practices are current
• assume that you could have insider threat actors (e.g., the Coinbase situation)
• clarify what's important for you to protect, and spend your cybersecurity money on those things

Leave a comment in the box about how you have reviewed your cybersecurity risk management practices in the wake of recent attacks.

Ask us how you can turn cybersecurity assurance into a competitive advantage. You may recite it, but don't join the litany.