Top 10 Third-Party Cyber Breaches of 2025: What They Mean for Your TPRM Strategy

Third-party cyber incidents defined 2025. Nearly 30% of all reported data breaches involved third parties, double the share seen in 2024. As digital ecosystems expand and value chains grow more interconnected, third-party cyber breaches are quickly becoming the norm.

In this post, we break down 10 of the most significant third-party cyber breaches from 2025 and highlight key steps organizations can take to mitigate third-party cyber risk, from onboarding and monitoring to continuous controls and remediation.

Key takeaways
  • Retail has been a highly targeted sector in 2025 for third-party cyber attacks
  • Losses ranged from tens of millions to hundreds of millions in revenue or fines; companies faced regulatory scrutiny, reputational damage, and operational disruption
  • Vendor visibility and oversight are critical: breaches underscore the importance of strong third-party security audits and monitoring

1. Red Hat Consulting / GitLab Instance – April 2025

Overview

Red Hat Consulting, the consulting division of open-source software leader Red Hat, had its self-managed GitLab instance breached. Attackers gained unauthorized access to repositories storing client configurations, automation scripts, and API keys.

Impact

Around 570 GB of internal data from 28,000+ repositories was stolen. While no core Red Hat products were compromised, the sensitive consulting data put clients at potential risk, emphasizing the need for robust third-party security.


2. SK Telecom Breach – April 2025

Overview

SK Telecom, a South Korean telecom provider serving tens of millions of customers nationwide, was compromised. An unauthorized third party infiltrated SK Telecom’s internal network and deployed a remote access trojan (RAT) variant known as BPFDoor.

Impact

The attackers collected over 27 million data records, and the South Korean telecom giant was fined a record $96 million for the incident. Since the breach, the company has been working to limit the reputational damage through the media, with several stories on how it will mitigate future incidents.


3. Marks & Spencer – April 2025

Overview

Marks & Spencer, a major British retailer known for its food, clothing, and home goods, was breached via a third-party cyber-attack. Marks & Spencer stressed that the breach came through a third party rather than a direct failure of its own systems. The cybercriminals used phishing and social engineering to gain access to Marks & Spencer’s customer data.

Impact

The disruption caused shelving and stock availability issues, with some stores even experiencing empty shelves. The retail giant estimated the incident could cost around £300 million in lost profits for the year. Since the incident, the retailer has been working closely with experts to prevent further incidents and has worked diligently in the media to limit reputational damage.

4. Co-op – May 2025

Overview

The Co-operative Group, a UK-based consumer cooperative operating groceries, insurance, and funeral services, suffered a breach via a third-party IT vendor. Attackers leveraged a misconfigured contractor system to access customer data.

Impact

Customer names, addresses, emails, and loyalty program data were exposed. The breach led to estimated disruption costs of £206 million in revenue, operational reviews and increased scrutiny of third-party contractors to prevent future incidents.

5. Farmers Insurance – May 2025

Overview

Farmers Insurance, a large U.S. multiline insurer offering auto, home, and other policies, was hit when a third-party vendor’s database was breached. An unauthorized actor accessed the vendor’s systems storing Farmers’ customer records.

Impact

Personal data of 1.07 million customers (names, addresses, dates of birth, driver’s license numbers, and last four digits of Social Security numbers) was exposed. Farmers Insurance began notifying affected individuals and offered 24-month free identity monitoring and credit protection services.

6. Cox Enterprises – June 2025

Overview

Cox Enterprises, a U.S.-based media and communications company, was affected by a breach stemming from a third-party system. Attackers exploited the vendor to gain access to enterprise data.

Impact

Sensitive business data was exposed, though customer financial information remained safe. The incident highlighted risks in relying on vendors without thoroughly assessing their security posture. Cox has also offered 24 months of free credit monitoring and identity theft protection to affected victims.


7. Qantas Airways – July 2025

Overview

Qantas, Australia’s largest airline and flag carrier, operating domestic and international passenger and cargo services, was breached earlier in 2025 via a third party. A third-party customer service platform integrated with its systems was compromised.

Impact

Cybercriminals used the exploited vendor environment to extract over 6 million customer records, including personal data.

While no sensitive financial data was stolen, the financial toll continues to grow because of regulatory and reputational fallout. Under Australia’s Privacy Act, Qantas could face fines of up to A$50 million or 30% of a company’s adjusted turnover during the period of the breach, whichever is greater.

8. Allianz Life Insurance – July 2025

Overview

Allianz Life, a U.S.-based life insurance and annuity provider owned by Allianz SE, experienced a breach via a cloud-based CRM vendor. Hackers exploited social engineering weaknesses to access sensitive customer information.

Impact

Approximately 1.4 million U.S. customers were affected. Although no financial account data was stolen, personal identifiers and policy-related data were exposed, triggering regulatory notifications and identity-theft protection measures.


9. TransUnion – August 2025

Overview

TransUnion, one of the largest U.S. credit reporting agencies, suffered a breach when a third-party application used in its U.S. consumer support operations was compromised. The breach did not, however, reach TransUnion’s core credit database directly.

Impact

Personal information of approximately 4.4 million customers was exposed (names, addresses, dates of birth, driver’s license numbers, and last four digits of Social Security numbers). The company notified affected individuals and is offering 24 months of free credit monitoring and identity theft protection.


10. Comcast – November 2025

Overview

Comcast, a U.S.-based telecommunications and media company, experienced a breach through a third-party vendor. The compromise involved unauthorized access to customer service and operational systems.

Impact

Comcast paid a $1.5 million fine and launched an extensive remediation effort, including third-party vendor audits and enhanced monitoring for future breaches.

Conclusion

The biggest lesson from 2025 is that many cyber breaches now start with third parties. Most incidents stemmed from gaps in vendor oversight, weak access controls, limited visibility, or inadequate monitoring. Strengthening vendor assessments, validating security controls, and maintaining real-time visibility across your value chain are now critical to preventing incidents and protecting your operations, customers, and reputation. Knowing who your vendors are, what data they hold, and how they safeguard it can make a major difference in preventing future breaches.

Test your organization’s third-party cyber risk maturity

We’ve built a 2-minute Third-Party Cyber Maturity quiz to help you identify exposure and benchmark your organization against leading industry standards.
