Litany Of The Hacked: September 2025 Wrap-Up

(Image of a dog drawn by Adriaen van de Venne that is thought to have inspired Rembrandt; Rijksmuseum).

Oh yes. Here we go again: the litany of the hacked, a monthly list of entities that have been successfully hacked.

The point of these litany posts is to note that this sort of thing happens and it has consequences. Pretending that you can whistle past the graveyard in cyberspace is foolish and delusional.

And so, the litany of the hacked, September 2025 edition. Apparently the cybersecurity dog didn't bark when hackers came for these entities:

Kido International (child care chain in the UK)...Collins Aerospace (commercial passenger flight check-in systems)...Pulkovo Airport (St Petersburg, RU)...Uvalde (TX) Consolidated Independent School District...City of New Orleans (technically, Orleans Parish, LA)...

These attacks indicate that the gangs perpetrating them -- and make no mistake these are gangs -- are getting better at doing cyber-crime. They have found that manipulating human insiders, even really smart and unsuspecting ones, works great for their purposes. It's inexpensive, it can be improved, it can happen quickly, and it can be deployed at scale -- talk about better, cheaper, and faster! Just remember: not all cybercrime is the same.

Bonus ugh!: the New York Times has an alarming story (behind paywall) about how the Chinese Ministry of State Security is actively working to increase its cyber-attack expertise.

Bonus yay!: the London Transport (e.g. the Tube) hackers from 2024 were captured and arraigned this month, as was a teen who successfully hacked Las Vegas casinos in 2023.

There are four questions for you as you think about these events.

Question 1: when the opposition improves their game, that means you're now also improving yours -- right?

Question 2: you see that it's not only -- sorry but certainly -- less-cybersecurity-sophisticated entities such as child care centers and poor Uvalde, TX but also tech companies that get hacked -- right?

You cannot assume you are not a target or that you're safe because you're Google or because "nothing happened" or that your company was not attacked because the audit committee didn't mention it. 

"Nothing happened" in the year 2025 from a cybersecurity perspective means either you don't know it happened or you are paying attention and can prove your systems worked. If you can't prove you were not successfully breached then you have been successfully attacked.

Not upping your cybersecurity defense strategy means you might be the next to join the litany. 

It boils down to two more questions:

Wrong question: "Why would they attack us?"

Right question: "When and how will they attack us?"

See you in October.

Ask us how you can avoid becoming part of the litany.