In May 2025, major brands like Adidas, Co-op, and Coinbase fell victim to breaches affecting customer data, supply chains, and even financial markets. Public institutions haven’t been spared either, with councils once again being targeted in ransomware attacks.
As threats grow in scale and sophistication, businesses and governments must adapt, defend, and respond swiftly to protect public trust. But it's not all doom and gloom. International efforts have brought down malware networks, marking a significant win against organised cybercrime.
Let’s look at what’s been happening in the last few weeks.
Adidas confirms customer data breach via third-party service provider
Well-known sports retailer Adidas has disclosed a cyberattack that exposed customer data through a third-party customer service provider. Fortunately, sensitive financial information such as passwords and credit card details was unaffected. Still, the breach involved personal contact details of consumers who previously interacted with the brand's support team. Adidas acted swiftly to contain the incident and is now notifying those impacted.
This breach adds Adidas to a growing list of major retailers recently targeted by cybercriminals, including Marks & Spencer and Co-op. Authorities continue to investigate these incidents, which highlight a worrying rise in digital threats against consumer-focused retail businesses.
Co-op stores still struggling after major cyberattack disrupts supply chains
Three weeks after a major cyberattack hit Co-op, its stores across the UK are still facing empty shelves and disrupted deliveries. The attack compromised customer and employee data and forced the retailer to shut down parts of its IT systems to prevent further damage and the possible installation of ransomware. While Co-op says it is in the "recovery phase" and restocking is underway, many stores continue to experience significant delays and reduced deliveries.
The cyberattack is believed to be part of a coordinated wave also affecting M&S, Harrods, Dior, and others. Unlike public companies such as M&S, Co-op is not required to publicly report financial impacts but has acknowledged system-wide disruptions. Internal systems are reportedly back online, but deliveries remain below normal volumes.
An earlier IT error around the same time also caused some customers to purchase food at significantly reduced prices or even for free. Despite ongoing challenges, Co-op expects stores to return to normal soon.
Coinbase refuses ransom, faces up to $400M loss after targeted cyber attack
Crypto giant Coinbase has revealed it could lose as much as $400 million following a cyberattack in which hackers tricked employees and contractors into leaking customer data. Fortunately, fewer than 1% of accounts were compromised, but attackers used the stolen information to impersonate Coinbase and scam users out of their cryptocurrency.
Rejecting a $20 million ransom demand, the company pledged full reimbursement to victims and established a $20 million bounty for information leading to the culprits' arrest. The incident comes just days before Coinbase’s entry into the S&P 500, underscoring growing cybersecurity threats in the maturing crypto sector.
West Lothian Council confirms sensitive data stolen in ransomware attack on its schools’ network
West Lothian Council has confirmed that cybercriminals stole personal and sensitive data during a ransomware attack targeting its education network. While most of the stolen information was linked to lesson plans, officials have acknowledged that personal data may also have been compromised. There’s no proof that confidential social work records were taken; that said, the discovery of a scanned passport online raised alarms.
The cyber group "Interlock" is believed to be behind the attack, which affected IT systems across dozens of schools and nurseries. Authorities continue to investigate, and the council has urged affected individuals to remain vigilant against potential scams or phishing attempts that come their way, stemming from the breach.
Global crackdown hits DanaBot cybercrime network: 16 charged in major malware takedown
U.S. authorities, working with international partners and cybersecurity firms, have charged 16 individuals in a sweeping effort to dismantle the DanaBot malware operation, a Russia-linked cybercrime enterprise responsible for infecting over 300,000 computers worldwide. First detected in 2018, DanaBot was used to facilitate fraud, ransomware attacks, and espionage, causing over $50 million in losses.
The malware, often spread through malicious emails, allowed hackers to remotely control compromised devices, even targeting military and government entities. The coordinated takedown, part of Operation Endgame, is a positive step, showing the growing global resolve to disrupt organised cybercrime and the infrastructure that enables it.
Onboard market-leading cybersecurity tools
May’s cyber events reflect both the rising costs of cyber incidents and the increasingly sophisticated nature of threats. From ransomware targeting schools and retail to cryptocurrency scams costing hundreds of millions, attackers are evolving - and so must our defences.
The dismantling of DanaBot demonstrates good progress in the fight against cybercrime, but the broader picture remains urgent. Businesses must prioritise cybersecurity, review supply chain risks, and ensure incident response plans are tried and tested.
Brigantia supports partners with cutting-edge cybersecurity solutions and expert guidance. To find out more, get in touch today.
Want to read more articles like this? Follow this link: https://www.brigantia.com/resources
