Breach Breakdown - February 2025

Introducing Episode 14 of our expertly crafted series on data breaches, cyber-attacks, and more. Breach Breakdown is your go-to source for recapping incidents and staying up-to-date on the latest solutions. January/February saw its fair share of reported cases, with breaches affecting:

Breaking News: How Asset Managers & Hedge Funds Can Stay Cyber-Resilient in 2025

The Independent reported that cyber-attacks targeting the financial sector are escalating. More and more AI-powered threats and ransomware posing a growing risk to asset managers, hedge funds, and private capital firms. As these firms rely on uninterrupted access to critical trading data, a cyber-breach can devastate operations and investor confidence.

Key Cyber-Resilience Challenges in 2025:

✅ Stricter Regulations: The UK’s upcoming Cyber Resilience and Security Bill and EU’s DORA mandate stronger security measures.
✅ AI-Powered Attacks: Cyber-criminals are using AI tools to craft sophisticated phishing scams and voice cloning for fraud.
✅ Shifting Targets: With banks strengthening defences, attackers are turning to investment firms as “softer targets.”

💡 To mitigate risks, firms must adopt a robust cyber-resilience strategy—enhancing security, reducing downtime, and ensuring compliance.

Cyber Attack Hits Morrisons’ Christmas Sales

A cyber attack on Blue Yonder forced Morrisons to shut down its warehouse system, disrupting stock visibility and impacting holiday sales. While a workaround was quickly implemented, availability is still recovering.

Key Takeaways:
✅ Assess Supply Chain Risks – Ensure third-party vendors follow strict cybersecurity standards.
✅ Implement Incident Response Plans – A well-prepared plan can minimise downtime.
✅ Regularly Backup Data – Protect critical systems from ransomware and operational disruption.
✅ Invest in Cyber Insurance – Coverage can help mitigate financial losses.

Cyber threats don’t just target large enterprises—SMEs are prime targets due to weaker defenses. Don’t wait for an attack to take action. Read more at Reuters or Yahoo Finance.

MGM Resorts to Pay $45M Over Data Breaches Affecting 37M Customers

MGM Resorts International has agreed to a $45 million settlement after two major data breaches in 2019 and 2023 exposed the personal data of 37 million customers. Hackers accessed names, addresses, phone numbers, passport numbers, and even Social Security details in the 2023 ransomware attack, which also shut down slot machines and ATMs in Las Vegas.

The final settlement hearing is set for June 18th, while the FTC continues its investigation into MGM’s response. Cyber threats can have massive financial and reputational consequences—don’t wait to secure your business!

Travel Site Daytrip Suffers Major Data Leak – 470,000 Customers at Risk

A third-party vendor breach exposed 470,000 user records and 762,000 travel orders at Daytrip, leaking names, emails, phone numbers, and billing details. Customers face identity theft and fraud risks.

Key Takeaway? Protect Yourself: Change passwords, watch for phishing scams, monitor finances, and consider ID theft protection.

This breach is a wake-up call for SMEs—cyber risks extend beyond your own systems! 🔒

Cyber Agencies Unveil New Security Guidelines for Edge Devices

Cyber-security agencies from the UK, US, Australia, Canada, and New Zealand have issued new guidelines to strengthen edge device security amid rising cyber threats. The guidance urges manufacturers to enable secure logging and forensic features by default, setting minimum standards to help detect and investigate attacks.

Edge devices—including routers, IoT devices, and smart appliances—are prime hacker targets, often acting as entry points to networks. NCSC Technical Director Ollie Whitehouse emphasised the need for a “tech culture that bakes security and accountability into every device.”

For businesses, this is a crucial reminder: cyber threats are evolving, and edge device security is no longer optional.