Litany Of The Hacked: June 2025 Wrap-Up

In May we covered the litany of the hacked, a group of entities that had been successfully hacked (such as my dentist). 

The point was to note that this sort of thing happens and it has consequences. Pretending that you can whistle past the graveyard in cyberspace is foolish and delusional.

Then came the early June extension of the litany. Newly enrolled members in the US and UK included brand-forward retailers. Retailing has features that make it more susceptible to hacking, true enough.

And now: the litany of the hacked, June 2025 wrap-up edition. The litany now includes:

Columbia University...United Natural Foods...Aflac...Erie Indemnity...Philadelphia Insurance...International Criminal Court...The Washington Post...Hawaiian Air...WestJet...various financial institutions inside the Islamic Republic of Iran...

OK the last one is an anomalous situation but the other organizations were brought to heel to various extents just inside one month.

Question: do you think they had annual mandatory cybersecurity awareness training? If so, how did that work out?

We'll have a piece about this soon but these attacks indicate that the gangs perpetrating them -- and make no mistake these are gangs -- are getting better at doing cyber-crime. They seem to have found that manipulating human insiders works great for their purposes. 

Question: and, bad guys improving their game means you're now also improving yours -- right?

You cannot assume you are not a target or that you're safe because "nothing happened" or that your company was not attacked because the audit committee didn't mention it. 

"Nothing happened" in the year 2025 from a cybersecurity perspective means either you don't know it happened or you are paying attention and can prove your systems worked. If you can't prove you were not successfully breached then you have been successfully attacked.

You might be the next to join the litany.

Ask us how we can work with you to prove you were right.