It may be the last few weeks of 2025, but there have been plenty of cyber threats hitting the headlines in December.
In our final cybersecurity roundup of the year, we highlight some of the latest stories, including new breaches and the impact of attacks months after the initial incident.
The UK’s Information Commissioner’s Office (ICO) has fined password manager vendor LastPass £1.2 million for failing to implement adequate security measures, which led to the exposure of sensitive user data, including encrypted vault metadata, in 2022. The breach compromised the personal information of nearly 1.6 million UK users when a hacker gained access, first to an employee's corporate laptop and then to another employee’s personal laptop, where they implanted malware and captured the master password.
These two incidents together allowed the hacker to access LastPass’s backup database, gaining access to personal information such as customer names, emails, phone numbers and stored website URLs.
The ICO has highlighted the importance of robust encryption, strong access controls, and regular security audits for services handling sensitive authentication information.
In August 2024, German air traffic control was targeted in a cyberattack. In recent weeks, Germany has come out, accusing Russia of carrying out the attack and attempting to influence the federal election in February through a disinformation campaign dubbed Storm 1516. While air traffic operations were reportedly unaffected, the disinformation effort targeted political figures and was said to spread fake videos which alleged ballot manipulation.
The BBC has reported that this latest development from this incident comes as concerns increase across Europe over suspected Russian cyberattacks since the invasion of Ukraine in 2022. Russia has categorically denied the accusations.
Reported by Bleeping Computer, France’s Ministry of the Interior recently confirmed a cyberattack that compromised its email servers. The breach was detected overnight between 11th and 12th December. Officials have said that threat actors accessed some document files, but it’s not yet clear if sensitive data was stolen.
In response to the breach, the ministry has since strengthened security protocols and access controls, launched an investigation into the origin and scope of the attack, and examined the possibility of foreign interference or cybercrime activism.
The French Interior Ministry is a high-value governmental target given its oversight of police, internal security and immigration services, making ongoing threat analysis and tightened email defences a priority for similar institutions.
Jaguar Land Rover (JLR) has finally disclosed that an August cyberattack that forced weeks-long production shutdowns also resulted in the theft of sensitive personal and payroll data belonging to thousands of current and former employees. Investigations have been ongoing since the attack in August, and it’s said that a forensic probe is still ongoing to discover the exact entry point of the attack.
The stolen information is said to include personal details, such as names, addresses, salaries, and national insurance numbers, posing a high risk of identity theft and exposing thousands of people to fraud attacks.
It’s been reported that JLR has notified the ICO and implemented enhanced security measures to prevent future incidents. To date, this incident has taken a significant financial hit to JLR, with prolonged disruption resulting in quarterly losses of £342 million.
There has been a significant breach at a U.S. credit reporting and identity verification company, 700Credit, exposing credit card and personal data for over 5.6 million individuals. The breach occurred after attackers exploited a third-party API integration, allowing them to siphon information over several weeks.
The compromised data is said to include names, addresses, dates of birth and Social Security numbers, which is enough to fuel identity theft, fraud and sophisticated phishing campaigns. It is said that affected individuals are being notified and offered free credit monitoring and support as regulators and the FBI investigate.
Music streaming platform SoundCloud has confirmed that recent outages and VPN connection issues were caused by a data breach in which user information, including usernames, email addresses, and hashed passwords, was stolen.
SoundCloud has said that although some data was accessed, exposure was limited, and there is currently no evidence of financial data compromise. BleepingComputer reported that the breach affected roughly 28 million accounts. Affected users are being advised to reset passwords and enable two-factor authentication.
As you can see, the last month has continued to demonstrate the huge impact cyberattacks are having on organisations across the globe, and as always, the evolving sophistication of breaches. Every organisation is vulnerable, and all businesses, no matter their size, need to implement the right tools to try to stay ahead of threats.
To read more articles like this, head to our news and article page. To learn more about our cybersecurity vendor portfolio or to speak with our team, get in touch.