Litany Of The Hacked: October 2025 Round-Up


Welcome to the litany of the hacked, a monthly list of entities that have been successfully hacked.

The point of these litany posts is to note that this sort of thing happens and it has consequences. Pretending that you can whistle past the graveyard in cyberspace is foolish and delusional.

And so, the litany of the hacked, October 2025 edition. This month has been so busy, we'll call it "Hack-Tober":

Asahi Group (beer distillers & distribution) ... Oracle e-Business Suite ... US Customs & Border Protection ... US Federal Emergency Management Agency ... Williams & Connolly (law firm) ... a variety of airport public announcement systems in the US and various countries ... UK Ministry of Defence ... PRC's National Time Service Centre ... Heywood Hospital and Athol Hospital (both in MA) ... local government service offices in Texas, Tennessee, and Indiana ...  

And, as a bonus, here are the hacks disclosed in October 2025 that had been ongoing prior to this: SimonMed Imaging, Ribbon Communications, Inc., DeckMate 2 card shuffling machines for casinos.

These attacks indicate that the gangs perpetrating them -- and make no mistake these are gangs (or state-level actors, take your pick) -- are getting better at doing cyber-crime. They have found that manipulating human insiders, even really smart and unsuspecting ones, works great for their purposes. It's inexpensive, it can be improved, it can happen quickly, and it can be deployed at scale -- talk about better, cheaper, and faster! Just remember: not all cybercrime is the same.

In a new twist, Security Week reports that the perpetrators are joining in lawsuits against the organization that they hacked, Salesforce.com, filed on behalf of other companies whose data were lost in the breach:

“They claim they will collaborate with plaintiffs in ongoing lawsuits against Salesforce over recent breaches unless Salesforce pays them directly,” Soby said. “This tactic is unusual. To our knowledge, it is the first time an attacker has threatened to participate in or leverage existing litigation against the vendor of a compromised platform and its native security tools as part of an extortion campaign,” he added.

That's right: the gangs hacked Salesforce, which was then sued by its clients, and the gangs joined in the suit against Salesforce.

OK then...

There are four questions for you as you think about these events.

Question 1: when the opposition improves their game, that means you're now also improving yours -- right?

Question 2: you see that it's not only -- sorry but certainly -- less-cybersecurity-sophisticated entities such as FEMA but also tech companies that get hacked -- right?

You cannot assume you are not a target or that you're safe because you're Google or because "nothing happened" or that your company was not attacked because the audit committee didn't mention it. 

"Nothing happened" in the year 2025 from a cybersecurity perspective means either you don't know it happened or you are paying attention and can prove your systems worked. If you can't prove you were not successfully breached then you have been successfully attacked.

Not upping your cybersecurity defense strategy means you might be the next to join the litany. 

It boils down to two more questions:

Wrong question: "Why would they attack us?"

Right question: "When and how will they attack us?"

See you in November. 

Ask us how you can avoid becoming part of the litany.

