Litany Of The Hacked: December 2025 Round-Up

Nothing quite so wraps up the year in the Litany Of The Hacked as a drunken raccoon sleeping it off on the floor of a restroom in a liquor store it raided (yes, this really happened; picture credit, Hanover, VA County Animal Protection and Shelter).

Before we cast blame on the poor life choices of our bandito friend, let us reflect on the gloat sometimes cast toward those hacked entities that we highlight each month. Remember, the point of the litany is not shame but awareness-raising that, well, these things happen. 

And so, the litany of the hacked for December 2025, which now lists some big-time targets and nation-state actors:

thousands of homeowners in South Korea with CCTV-type in-home cameras...Coupang (Korean online shopping site)...Multiple government departments and organizations in Israel, including Neftali Bennett, former PM of Israel...Multiple government departments in the UK...PornHub...Spotify...Blaze Credit Union in Minnesota...multiple crosswalk systems in California (& possibly northern Virginia)...Petroleos de Venezuela (alleged that it was hacked by the US)...passenger ferries and government offices (such as the postal system) in France...Russia's military registration database...

Special 'hooray!' mention: the Coupang hackers allegedly "deleted" the stolen data...OK...

Special litany mention award: US Department of Justice. In its work to redact information in the release of files pertaining to the convicted pedophile felon Jeffrey Epstein, DoJ incorrectly redacted multiple pieces of information. This meant that readers who tried to do this -- see how easy it is to hack things?! -- were able to strip out the redaction. Read this explanation by Eliza Orlins, a.k.a. @eorlins (via Brendan):

What do we learn from the DoJ situation? Joining the litany of the hacked is as easy as not following standard procedures.

Special mention of a sort: Rexing Companies. Rexing is a logistics management company. One of its clients is a distribution company that moves lobster meat from production facilities in New England to Costco stores. Apparently, a 'phishing scheme' (take it at face value) was perpetrated on Rexing wherein a scammer manipulated the email address for a trucking company to win a contract through Rexing to distribute lobster. The trucks were instead owned and operated by scammers who had stolen the identities of legitimate companies and drivers.

What do we learn from the Rexing situation? Joining the litany of the hacked is as easy as not paying close enough attention, or at least not verifying authorized access, every time.

Moving into 2026, we expect more emphasis on AI-based cybersecurity countermeasures. We also expect more cyber-intrusions to focus on systems controls versus plain old ransomware. Finally we expect that hackers will branch out into what could be called brick and mortar schemes by corrupting automation processes to steal materiel. All of these indicate that there will be plain ol' creation of liabilities by not using correct procedures and not verifying assumptions.

Whatever happens, the role of cybersecurity will become increasingly important and will need to continue to evolve. Practitioners will need to think more broadly regarding systems -- move beyond CPUs and servers to the systems that your cyber-infrastructure interacts with.

Enjoy the ride. 

Let's make our collective new year's resolution to have better cybersecurity. Ask us how you can avoid joining the litany or the bathroom of the ABC Store in Ashland VA.