Cybersecurity roundup, June 2025

June 30, 2025 | Cybersecurity
Chloe Schofield

From ransomware fallout in healthcare to record-breaking DDoS attacks and third-party breaches, June 2025 has highlighted the growing complexity and severity of modern cyber threats. We share the latest in this month’s round-up.

Ransomware attack on NHS blood service linked to a fatality

Last year saw a highly disruptive attack on Synnovis, the pathology outsourcer for NHS hospitals. The resulting delays in critical bloodwork have since been confirmed to be long enough to be one of the contributing factors in a patient’s death.

The same incident had already generated 170 ‘patient-harm’ reports and forced the cancellation of thousands of procedures. Just last month, Synnovis acknowledged that the gang had published 400 GB of test records on the dark web after a failed $50 million ransom threat.

Former Director of National Digital and Chief Information Security Officer for NHS National Services Scotland, Mr Mitchelson, said that IT systems are only as secure as the weakest link in the chain.

"The death now confirmed is tragic, but it is not surprising. When systems that underpin diagnostics and treatment are brought down at scale, the consequences are not hypothetical. This is the real-world cost."

M&S and Co-op attacks classed as a Category 2 cyber event

The UK Cyber Monitoring Centre’s first in-depth loss model has stated that the spring attacks on Marks & Spencer and Co-op are likely to result in costs ranging from £270 million to £440 million and have been classified as a Category 2 cyber event.

The CMC has described the impact of the event as ‘narrow and deep’, fuelled by supply-chain gaps and ‘just-in-time’ logistics. Since the attack, daily card spend at M&S has crashed by 22% and Co-op has taken VPNs and some store systems entirely offline. Analysts have stated that the attack serves as a textbook case for tabletop testing of inventory-override procedures and cyber business interruption coverage. Lessons learned have emphasised the importance of immutable backups, identity threat detection, and the need to test business continuity and crisis response plans against ransomware attacks.

Glasgow City Council isolates servers after breach

Malicious activity found on the 19th of June in a third-party-hosted environment forced Scotland’s largest local authority to pull affected services offline for 625,000 of its residents. The event impacted planning applications, paying for parking, driving fines and waste collections.

The council has stressed that no financial systems have been hacked and no card or bank account details have been compromised, but residents have been warned to watch out for phishing attempts.

Cartier and The North Face data stolen in cyber attacks

Fashion brands The North Face and Cartier are among the companies that reported having had their data stolen as a result of cyberattacks in April. Both brands admitted in early June that customer contact details, such as names and email addresses, but not financial information, were compromised.

It’s said that the attack on The North Face was a credential stuffing attack, a technique where hackers attempt to use usernames and passwords stolen from a different breach to gain access to accounts. Cartier, on the other hand, was hacked via unauthorised back-end access, where attackers were able to obtain client information; however, the firm has reiterated that passwords and card details were not accessed and that the issue was contained. Further enhancements have since been implemented.

Cloudflare blocks a record 7.3 Tbps DDoS attack

This month, Cloudflare reported that it had mitigated a record-breaking distributed denial-of-service (DDoS) attack in May of this year. The attack peaked at 7.3 Tbps, targeting a hosting provider, and delivered a huge volume of 37.4 TB in just 45 seconds. It is 12% larger than the previous record.

Cloudflare mitigated the attack by distributing traffic across 477 datacentres in 293 locations using its Anycast network. It leveraged real-time fingerprinting and intra-datacentre gossiping to share intelligence quickly and automatically create defence rules.

Although 99.996% of the attack traffic was from UDP floods, other methods were also used, including:

  • QOTD and Echo reflection
  • NTP amplification
  • Mirai botnet UDP flood
  • Portmap flood
  • RIPv1 amplification

These lesser-used vectors exploited outdated or misconfigured services, helping attackers bypass defences, identify vulnerabilities, and enhance the overall effectiveness of the attack.
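For defenders, the vectors listed above map to a handful of UDP services worth auditing on your own hosts. The following is an added example, not code from Cloudflare's report or the original article: it parses `ss -uln` output and flags listeners on the corresponding well-known ports that are bound to a non-loopback address. The function names and the sample input are assumptions constructed for illustration.

```python
import ipaddress

# Well-known UDP ports for the reflection/amplification vectors listed above.
# The Mirai UDP flood is direct botnet traffic, so it has no listener to audit.
# Port 520 is shared by RIPv1 and RIPv2; the port alone cannot tell them apart.
REFLECTOR_PORTS = {7: "Echo", 17: "QOTD", 111: "Portmap (rpcbind)",
                   123: "NTP", 520: "RIP"}


def _is_loopback(addr):
    if addr == "*":  # ss prints '*' for a dual-stack wildcard bind
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than hide it


def find_reflector_listeners(ss_output):
    """Return (address, port, service) for each UDP listener on a listed
    port that is bound to anything other than loopback."""
    findings = []
    for line in ss_output.splitlines():
        # First field containing ':' is the local address:port column.
        local = next((f for f in line.split() if ":" in f), None)
        if local is None:
            continue
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]").split("%", 1)[0]  # drop [] and %iface scope
        if not port.isdigit():  # header row ("Address:Port") lands here
            continue
        service = REFLECTOR_PORTS.get(int(port))
        if service and not _is_loopback(addr):
            findings.append((addr, int(port), service))
    return findings


# Constructed sample of `ss -uln` output, not data from the article.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
UNCONN 0      0      127.0.0.1:123      0.0.0.0:*
UNCONN 0      0      [::]:123           [::]:*
UNCONN 0      0      192.0.2.10:17      0.0.0.0:*
"""

if __name__ == "__main__":
    for addr, port, service in find_reflector_listeners(SAMPLE):
        print(f"udp/{port} ({service}) listening on {addr}")
```

A hit on NTP or RIP calls for a configuration and exposure review rather than automatic removal, since the open port alone does not show how the service responds.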

Third-party cyberattack exposes data at Swiss banks, highlighting the impact of supply chain risks

On June 18th, Swiss banks UBS and Pictet confirmed a data breach caused by a cyberattack on Swiss service provider Chain IQ. Although client information was not compromised, it has been reported that data on tens of thousands of UBS employees, including internal contact details such as the CEO’s direct line, was stolen.

Chain IQ stated that 20 companies were targeted, with some stolen data later appearing on the darknet. Since the incident, it has implemented containment measures but declined to comment on ransom demands due to security concerns.

UBS is said to have responded swiftly to prevent operational disruption, and Pictet clarified that the breach only affected invoice-related data with external suppliers, not client records. KPMG, also a Chain IQ client, stated that its systems were unaffected but that it had increased its security as a precaution.

Experts have warned that the breach highlights how third-party vulnerabilities can expose major financial institutions.

What this month tells us

June’s incidents reinforce a critical truth: no sector is immune, and the effects of cyberattacks extend from retail and healthcare to government and luxury brands. Organisations must prioritise resilience through tested incident response plans, secure third-party relationships, and proactive threat detection measures.

To read more articles like this, head to our news and articles page.

To learn more about Brigantia and what we offer, please get in touch. 
