Top Breaches and Cyberattacks in May 2025

Cybersecurity threats continued to escalate in May 2025, with major data breaches and cyberattacks exposing millions of records, compromising critical systems, and raising global concerns around data privacy, corporate accountability, and regulatory reform. Here are the most significant incidents that made headlines:

1. Co-op Confirms Data Theft After DragonForce Ransomware Breach

Co-op admitted to a major data breach after the DragonForce ransomware group stole personal details of millions of members. The attackers leveraged social engineering tactics to access internal systems, triggering alarms over identity security and the robustness of the company’s breach response protocol.

2. VeriSource Breach: 4 Million HR Records Exposed in Delayed Disclosure Scandal

VeriSource, a provider of HR services, suffered one of the most severe HR data breaches in history. Cybercriminals accessed sensitive personal data—including Social Security numbers—of over 4 million individuals. Shockingly, victims were not notified for over a year. The delay raised serious concerns over data stewardship and triggered renewed calls for stricter regulatory mandates.

3. iHeartMedia Sued Over Delayed Data Breach Disclosure

iHeartMedia faced legal action after a breach tied to exposed GitLab credentials compromised both corporate and customer data. The attack impacted millions globally and included financial information and proprietary source code. The delayed disclosure led to a major lawsuit, highlighting the legal consequences of poor breach communication.

4. Pearson Cyberattack Exposes Customer Data Worldwide

Education giant Pearson was the target of a major cyberattack involving the same GitLab credential exposure seen in the iHeartMedia incident. This breach affected millions and led to the compromise of sensitive corporate and customer information, including financial data and source code.

5. BreachForums Admin Fined $700K for Healthcare Data Breach

In a landmark legal judgment, Conor Fitzpatrick (aka “Pompompurin”), the former admin of BreachForums, was fined $700,000. The penalty is to compensate victims of a healthcare data breach and is seen as a milestone in holding cybercriminals financially accountable.

6. Cocospy Stalkerware Apps Shut Down After Massive Data Breach

Stalkerware apps Cocospy, Spyic, and Spyzie were taken offline after a flaw exposed messages, locations, photos, and email addresses of millions. Over 3.2 million emails were leaked. Victims were urged to check devices and remove the spyware to prevent further exposure.

7. Legal Aid Agency Breach Exposes Data of Hundreds of Thousands

A major breach at the UK's Legal Aid Agency exposed criminal records, financial information, and contact data of applicants dating back to 2010. The attack, attributed to a criminal gang, drew attention to vulnerabilities in outdated justice IT infrastructure.

8. 184 Million Accounts Exposed in Massive Credential Leak

A massive leak revealed login credentials for Apple, Google, Microsoft, Meta, and more. With no clear source, the unprotected database exposed emails, passwords, and banking credentials of 184 million users globally. The scale of this breach sparked fears of widespread identity fraud.

9. Coinbase Data Breach Hits 69,000+ Customers

Coinbase reported a data breach affecting 69,461 users. The breach originated from a third-party vendor and exposed names, emails, and home addresses. Although no passwords or funds were stolen, the incident highlighted risks inherent in third-party integrations.

May 2025 was a wake-up call for organizations across all sectors. From financial services and media to education and government, no industry was spared. These incidents underline the urgent need for real-time compliance, stronger breach notification policies, improved threat detection, and a culture of proactive cybersecurity readiness.

Organizations must ask themselves not just how secure their systems are—but how fast they can detect, respond, and recover. The stakes have never been higher.