October has seen a series of high-profile cyberattacks affecting global brands and critical services. From automotive firms like Renault to major food and beverage producers such as Asahi, hackers have disrupted operations and exposed sensitive customer data.
We’re seeing significant breaches across all types of business, highlighting the growing vulnerabilities in third-party suppliers and digital platforms. In this roundup, we’ll explore this month’s key incidents, the consequences and the lessons for businesses.
Renault alerts customers after third-party data breach
Renault UK has warned customers to stay vigilant after a cyberattack on one of its data processing partners exposed some personal information. No financial details, such as bank accounts or passwords, were compromised; however, hackers accessed names, contact details, birth dates, and vehicle information.
Renault’s own systems were unaffected, with the breach limited to the external provider. Impacted parties may include customers, as well as individuals who entered Renault promotions or competitions.
Authorities have been notified, and affected people are being contacted directly. The incident follows a string of recent cyberattacks on other major manufacturers such as Jaguar Land Rover, which shows the ongoing risks across automotive supply chains.
Asahi cyberattack triggers beer and beverage shortages across Japan
Asahi has experienced a cyberattack that’s disrupting operations in Japan, leading to nationwide shortages of its beer and bottled drinks. The incident halted production at most factories and disabled ordering and delivery systems.
Major retailers, including 7-Eleven, FamilyMart, and Lawson, have warned customers to expect limited availability of Asahi products such as Super Dry beer and bottled teas.
Asahi, which also owns Peroni and Grolsch, stated that only its Japanese operations were affected and that manual order processing has commenced. The company has apologised, assuring customers that restoring supply remains the company’s top priority.
Capita fined £14m over major data breach exposing millions
The UK’s data watchdog has fined Capita £14 million after a cyberattack exposed the personal details of 6.6 million people. The ICO said Capita failed to secure sensitive data, leaving it vulnerable to theft.
The breach in March 2023 resulted in sensitive information, including home addresses, passport images, and financial records, being made available on the dark web. Capita, which handles over 600 pension schemes, said it has since strengthened its cyber defences.
The fine was reduced from £45 million after Capita cooperated with regulators and improved its systems. The ICO stated that the case highlights the serious consequences of inadequate data protection.
Medical firm fined £100k after cyber-attack exposes patient data
The Medical Specialist Group (MSG) in Guernsey is another business that has been fined after a cyberattack. The fine of £100,000 was issued as the attack exposed sensitive patient information. The breach began in August 2021 but remained undetected for over three months, resulting in the theft of thousands of emails, some containing confidential health data, which were later used in phishing scams.
The Office of the Data Protection Authority (ODPA) stated that MSG failed to install vital security updates and missed opportunities to detect the breach, thereby breaching Guernsey’s Data Protection Law. Commissioner Brent Homan said the firm’s safeguards fell “well short” of legal standards.
MSG has since upgraded its cybersecurity systems, invested in new technology and staff training, and committed to an action plan that could reduce the fine if completed. The ODPA stated that it was confident the improvements would significantly strengthen patient data protection.
Discord says ID photos of 70,000 users may have been exposed in cyberattack
Discord has revealed that official ID photos and other personal details from about 70,000 users may have been exposed following a cyberattack on one of its third-party service providers. Apparently, their own systems were not breached, and no passwords or full credit card details were compromised.
The leaked data may include ID images, partial payment details and conversations with Discord’s customer support team. The platform has contacted all affected users, revoked the vendor’s access, and is cooperating with law enforcement.
Discord, which has over 200 million users globally, said claims that the breach was larger than reported are false and part of an extortion attempt, reiterating that it would not pay those behind the attack.
Hackers can exploit ChatGPT Atlas to plant hidden persistent commands
A critical flaw in OpenAI’s ChatGPT Atlas browser could allow attackers to secretly insert malicious commands into the AI’s persistent memory, researchers at LayerX Security have warned. The cross-site request forgery (CSRF) exploit enables hackers to execute code, steal data, or deploy malware across user sessions and devices.
Because the attack targets ChatGPT’s memory, designed to retain user details for personalisation, the injected commands can survive logouts and spread across browsers. Tests showed ChatGPT Atlas blocked only about 6% of phishing and web threats, leaving users far more vulnerable than with Chrome or Edge.
Experts say the flaw highlights the growing security risks as AI browsers combine identity, automation, and intelligence into a single, high-value target.
Key takeaways from October’s cyber incidents
October’s cyber incidents reveal a persistent and evolving threat landscape. Breaches across industries, from automotive to healthcare, retail, and AI platforms, demonstrate that no organisation is immune, especially when third-party systems are involved. Regulatory penalties, operational disruptions, and reputational damage remain real consequences of lapses in security.
It's time to fortify your defences and your clients’ infrastructure with proactive cyber-defences, employee training, and supplier oversight. Chat to our team about our cybersecurity tools.
Want to stay informed about emerging threats? Read more of our articles
