What Are the Biggest Cyber Attacks, Ransomware Incidents, and Data Breaches That Happened in June 2025?
In June 2025, several major cyber attacks, ransomware incidents, and data breaches impacted global organizations across sectors. Victims included United Natural Foods, The North Face, ZoomCar, McLaren Health, and more. These events highlight the critical need for businesses to adopt a proactive cybersecurity strategy, including updating software, running tabletop exercises, and strengthening incident response plans. From ransomware groups like INC Ransom and Scattered Spider to nation-state actors like Predatory Sparrow, June 2025 saw a diverse range of cyber threats unfold globally.

Table of Contents
- Why June 2025 Became a Tipping Point in Cybersecurity
- Top Ransomware Attacks in June 2025
- Major Data Breaches That Shook June
- Notable Cyber Attacks
- New Ransomware and Malware Families
- Zero-Days and Security Patches Released
- Lessons from June: Why Every Business Needs a Cyber Resilience Strategy
- Actionable Steps Moving Forward
- Conclusion
- Frequently Asked Questions (FAQs)
United Natural Foods. The North Face. Cartier. ZoomCar. The Washington Post. What do these companies have in common? Very little—until June 2025, when each became the latest victim of cybercrime’s ruthless evolution.
June wasn’t just another month. It was a warning shot.
Why June 2025 Became a Tipping Point in Cybersecurity
As summer rolled in, a cyberstorm hit industries from healthcare to luxury retail, and from public administration to airline carriers. This wasn't about just data anymore—it was about disruption, extortion, and widespread digital chaos. Ransomware gangs, hacktivist collectives, and nation-state actors exploited misconfigurations, unpatched systems, and human error.
“A Cyber Incident Response Plan is no longer a ‘nice-to-have’—it’s a lifeline.”
—Cyber Resilience Analyst, RedTeam Global
Top Ransomware Attacks in June 2025
Date | Victim | Attack Summary | Threat Actor | Impact |
---|---|---|---|---|
June 01 | Durant (OK), Lorain County (OH), Puerto Rico Justice Dept | Courts and services disrupted across multiple states | RansomHub | Government paralysis |
June 04 | Lee Enterprises | 40,000 SSNs leaked; $2M recovery cost | Qilin Ransomware | Publishing operations affected |
June 05 | Kettering Health | Hospitals diverted, health records breached | Interlock | 14 hospitals affected |
June 06 | Optima Tax Relief | 69 GB data leaked (double extortion) | Chaos Ransomware | Financial and client data loss |
June 09 | Sensata Technologies | Employee personal data exposed | Unknown | 15,000+ affected |
June 10 | Yes24 (South Korea) | Concerts cancelled; platform offline | Unknown | Entertainment industry hit hard |
Major Data Breaches That Shook June
Date | Organization | Breach Summary | Likely Actor | Data Exposed |
---|---|---|---|---|
June 02 | The North Face | 3,000 customer accounts breached | Scattered Spider | Personal purchase data |
June 02 | Cartier | Targeted customer data stolen | Scattered Spider | Customer info |
June 09 | TxDOT (Texas) | 300,000 crash reports leaked | Unknown | SSNs, license data |
June 12 | Aflac | Claims and SSNs accessed | Scattered Spider | Health & PII |
June 16 | ZoomCar (India) | 8.4 million records stolen | Unknown | Names, emails, vehicle data |
June 17 | Episource | 5.4M patient records compromised | Unknown | Medical, insurance data |
June 22 | McLaren Health | 740,000+ records leaked | INC Ransom | Health, ID, insurance info |
Notable Cyber Attacks
- United Natural Foods: Distribution halted, orders delayed.
- The Washington Post: Journalists' emails accessed.
- WestJet Airlines: Internal systems hit; app and site went down.
- Bank Sepah & Nobitex (Iran): Politically motivated attacks by Predatory Sparrow.
New Ransomware and Malware Families
- Acreed Malware: Replacing Lumma as top infostealer in Russian underground.
- DarkGaboon: Leaking LockBit 3.0 to attack domestic Russian targets.
- SuperCard: NFC-based malware stealing financial data via Android.
Zero-Days and Security Patches Released
Date | CVE(s) | Summary |
---|---|---|
June 02 | CVE-2025-21479 to 21480 | Qualcomm GPU zero-days |
June 03 | CVE-2025-37093 | HPE StoreOnce vulnerability |
June 10 | CVE-2025-33053 | WebDAV zero-day used in APT attacks |
June 13 | CVE-2024-57727 | RMM software exploited in ransomware |
June 26 | CVE-2025-20281, 20282 | Critical Cisco ISE RCE flaws |
Lessons from June: Why Every Business Needs a Cyber Resilience Strategy
Many companies targeted in June were not lacking in cybersecurity tools. What they lacked was preparedness:
- No tabletop simulations of real-world incidents.
- Outdated or missing incident response plans.
- Limited cross-department coordination during a breach.
ZoomCar, for example, responded quickly to their breach—but the lack of clarity around data misuse left customers confused and media spinning.
Actionable Steps Moving Forward
- Perform a Ransomware Risk Assessment
  Simulate attacks like those seen in Kettering Health or Optima Tax Relief.
- Update Software and Patch Vulnerabilities
  Stay ahead of exploits like the ASUS, Chrome, or WebDAV zero-days.
- Train Your Staff
  Human error remains the weakest link. Make awareness training routine.
- Adopt a Zero Trust Architecture
  Compartmentalize access, enforce MFA, and monitor everything.
- Run Tabletop Exercises Quarterly
  Don't just plan—practice your breach response.
Conclusion
June 2025 will be remembered not just for how much damage cybercriminals caused—but for how prepared (or not) organizations were.
If your company hasn’t re-evaluated its risk posture after these incidents, the question is no longer if you’ll be attacked—but when.
FAQs
What were the major ransomware attacks reported in June 2025?
Some major ransomware attacks in June 2025 included incidents involving Lee Enterprises, Kettering Health, Optima Tax Relief, and McLaren Health Care.
Which organizations suffered the largest data breaches in June 2025?
ZoomCar, Episource, and McLaren Health Care experienced some of the largest reported data breaches affecting millions of users in June 2025.
Who is responsible for the McLaren Health Care ransomware attack?
An international ransomware group linked to the INC gang was identified as the threat actor behind McLaren Health Care’s attack.
What is the Scattered Spider ransomware group?
Scattered Spider is a known ransomware group linked to several cyber attacks and data breaches in June 2025, including those involving Cartier and The North Face.
How was ZoomCar impacted by a cyber attack in June 2025?
Hackers accessed personal data of approximately 8.4 million ZoomCar users, including names, contact information, and vehicle registration details.
What happened to the United Natural Foods system in June 2025?
United Natural Foods disclosed a cyber attack that disrupted its distribution systems and order fulfillment processes.
What is the Predatory Sparrow hacking group?
Predatory Sparrow is a pro-Israel hacktivist group linked to politically motivated cyber attacks on Iranian institutions like Bank Sepah and Nobitex.
What types of malware were newly discovered in June 2025?
Newly identified malware in June 2025 included Acreed malware, DarkGaboon’s attacks, and SuperCard NFC-based malware.
Which vulnerabilities were patched in June 2025?
Critical vulnerabilities patched included Qualcomm GPU zero-days, Chrome CVE-2025-5419, and Cisco ISE remote code execution flaws.
How many records were compromised in the Episource breach?
Over 5.4 million patient records containing sensitive medical and personal data were compromised in the Episource breach.
Was there a cyber attack on The Washington Post in June 2025?
Yes, The Washington Post’s email system was compromised in a state-sponsored cyber attack targeting journalist accounts.
What is the business impact of ransomware attacks?
Ransomware attacks can lead to system outages, loss of sensitive data, financial costs, and reputational damage.
How many Texas crash records were leaked in June 2025?
Nearly 300,000 crash reports were stolen from the Texas Department of Transportation (TxDOT).
Which retail brand was breached alongside The North Face?
Luxury fashion brand Cartier was also targeted in June 2025 as part of cyber crime campaigns.
How many users were impacted by the Cock.li webmail breach?
Over 1 million Cock.li user records were stolen through a vulnerability in Roundcube webmail.
How severe was the Glasgow City Council cyber incident?
The incident disrupted multiple online services and potentially involved data theft, though specifics were not confirmed.
What was the method used in the attack on Hawaiian Airlines?
Hawaiian Airlines disclosed a cyber attack affecting internal IT systems, but the exact method remains undisclosed.
Which telecom provider was targeted by Salt Typhoon hackers?
Viasat, a major satellite communications provider, was breached by Salt Typhoon hackers linked to Chinese state actors.
What is the CVSS score for major June 2025 vulnerabilities?
CVSS scores varied, with some critical flaws like Cisco ISE vulnerabilities reaching high severity levels.
Why are ransomware attacks increasing in 2025?
Ransomware attacks continue to increase due to evolving malware, sophisticated cyber crime groups, and vulnerabilities in outdated systems.
How do ransomware gangs typically operate?
They use double extortion tactics—encrypting files and stealing data to pressure victims into paying ransom.
What is Acreed malware used for?
Acreed malware is a newly popular infostealer in the Russian cyber crime ecosystem post-Lumma takedown.
How did Kettering Health respond to their ransomware attack?
Kettering Health restored its health record systems and worked on mitigating further risk after confirming the attack.
What is the importance of patching vulnerabilities quickly?
Delays in patching leave systems open to known exploits, increasing the risk of cyber attacks.
How can businesses prepare for cyber incidents like June 2025?
By implementing incident response plans, running tabletop exercises, patching systems, and training employees.
What is Zero Trust Architecture?
Zero Trust Architecture assumes no implicit trust within the network and requires strict identity verification.
Why are tabletop exercises important in cybersecurity?
They simulate real attack scenarios to test an organization’s readiness and improve response protocols.
Which countries were impacted most by June 2025 cyber attacks?
The USA, South Korea, India, and parts of Europe reported significant cyber incidents.
What is the role of CISA in cyber attack response?
CISA issues advisories, vulnerability warnings, and coordinates response efforts for critical infrastructure.
How do hacktivist groups differ from ransomware gangs?
Hacktivist groups are often politically motivated, while ransomware gangs focus on financial gain.
How many critical CVEs were disclosed in June 2025?
Dozens, including major flaws in Chrome, Cisco products, Microsoft 365, and webmail platforms like Roundcube.