{"id":173479,"date":"2025-12-31T06:33:00","date_gmt":"2025-12-31T11:33:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2025\/12\/31\/the-top-cybersecurity-incidents-of-2025-and-the-lessons-learned\/"},"modified":"2025-12-31T16:16:10","modified_gmt":"2025-12-31T21:16:10","slug":"the-top-cybersecurity-incidents-of-2025-and-the-lessons-learned","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2025\/12\/31\/the-top-cybersecurity-incidents-of-2025-and-the-lessons-learned\/","title":{"rendered":"The top cybersecurity incidents of 2025 \u2013 and the lessons learned"},"content":{"rendered":"<p><a href=\"https:\/\/www.finextra.com\/newsarticle\/47096\/the-top-cybersecurity-incidents-of-2025--and-the-lessons-learned\">The top cybersecurity incidents of 2025 \u2013 and the lessons learned<\/a><\/p>\n<p><a href=\"https:\/\/www.finextra.com\/newsarticle\/47096\/the-top-cybersecurity-incidents-of-2025--and-the-lessons-learned\">https:\/\/www.finextra.com\/newsarticle\/47096\/the-top-cybersecurity-incidents-of-2025&#8211;and-the-lessons-learned<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2025-12-31 06:33:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.finextra.com\">www.finextra.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. As the wave of digitisation washes across the globe, open source software proliferates, and the sheer value of data continues climbing, cyberattacks are becoming one of the biggest threats to financial stability. In the past 12 months, consumers, financial institutions (FIs), and entire industries fell victim to massive cyberattacks by highly sophisticated criminal rings and technologies.<br \/>\n\tAs 2025 draws to a close, Finextra looks back at the most impactful cybersecurity breaches of the year \u2013 and considers what lessons, if any, have been learned.<br \/>\n1. The crypto heist<br \/>\nThis year saw a record number of financial thefts and ransomware disruptions. One of the most striking cybercrimes of 2025 was the digital heist of Bybit, the global cryptocurrency exchange founded in 2018. It remains the largest crypto exchange hack ever.<br \/>\nThrough social engineering tactics \u2013 and by compromising a third-party wallet provider to authorise fraudulent transactions \u2013 around $1.5 billion in Ethereum was siphoned from Bybit\u2019s wallets in February 2025. So great was the fallout that the FBI investigated and soon attributed the attack to Lazarus Group \u2013 a North Korea\u2013linked operation. The heist triggered market price disruptions and raised serious regulatory questions in the crypto world.<br \/>\nLessons learned: Ransomware, data theft, and crypto heists are delivering millions \u2013 and sometimes billions \u2013 of dollars to cybercriminals. These attacks are part of a well-funded, professional industry, sometimes backed by nation states and conducted as a form of hybrid warfare. When it comes to crypto heists, attackers are often operating across borders, and the stolen digital currencies are easy to launder \u2013 which makes these crimes extremely challenging to prosecute. In order to protect crypto platforms, traders, and the wider markets, regulators and governments must collaborate to ensure transparency and traceability of funds and that appropriate safeguards are established.<br \/>\n2. The data breach<br \/>\nThe leaking of sensitive, confidential, or personal information by unauthorised entities was another key cybersecurity trend in 2025.<br \/>\nIndeed, a number of vendors shouldered highly disruptive data breaches. On 29 May 2025, the leading global provider of legal, regulatory, and business information, analytics, LexisNexis, announced that a data breach at a third-party provider had exposed the personal information of over 364,000 individuals. Writing to potential victims, the firm said that an unauthorised party may have gained access to names and sensitive contact information, such as phone numbers, postal or email addresses, social security numbers, drivers&#8217; license numbers and dates of birth. In response, LexisNexis called in external cybersecurity experts and notified law enforcement.<br \/>\nOn 28 August 2025, the credit bureau TransUnion went public on a data breach that exposed the personal information of over 4 million consumers. In reporting the breach to law enforcement agencies, TransUnion said the hackers penetrated the firm\u2019s defences via a third-party application storing customers\u2019 personal data for its US consumer support operations.<br \/>\nOn 9 September 2025, Canadian wealth management platform, Wealthsimple, said that a security breach had left the personal information of some of its customers compromised. Contact details, government IDs, financial information \u2013 such as account numbers, IP addresses, social insurance numbers, and dates of birth \u2013 were all exposed in the breach, which impacted less than one per cent of the firm&#8217;s three million customers. Fortunately, no cash was stolen or passwords lifted, and all accounts remained secure.<br \/>\nLessons learned: Clearly, the attack techniques of cybercriminals are improving faster than firms\u2019 defences. With malicious tools now readily available open source on the black market, it is time for financial entities to start seriously investing in layered cyber defences. This includes robust authentication and access controls, continuous monitoring and threat detection, and across-the-board encryption. Deeper employee security training, backup systems and recovery plans \u2013 including customer communication strategies \u2013 and supply chain security checks are also becoming a must.<br \/>\n3. Whaling and deepfake scams<br \/>\nUse cases for artificial intelligence (AI) shot up in 2025 \u2013 for both FIs and cybercriminals. Through a technique known as deep learning, AI can automatically generate text, audio, and even video files. Attackers quickly recognised the potential of this innovation and began using the technology to impersonate individuals known to their victims, in order to steal cash. Sadly, victims are often unable to recognise these so-called AI \u2018deepfakes\u2019 as a scam and comply with the criminals\u2019 requests.<br \/>\nThe deepfake scams that are most profitable are those which impersonate high-level executives, in a process known as whaling. In this scenario, cybercriminals will generate deepfake video calls from c-suite individuals which request that employees authorise large financial transfers on their behalf.<br \/>\nOn 13 March 2025, Singapore authorities warned businesses of a rise in these scam video calls. The Singapore Police Force (SPF), Monetary Authority of Singapore (MAS) and Cyber Security Agency of Singapore (CSA) said countless victims are receiving unsolicited WhatsApp messages from scammers claiming to be executives from the company that the victims work for, inviting the employee to join a live-streamed Zoom video call. During the calls, victims are instructed to transfer substantial amounts of funds from their company\u2019s corporate bank accounts to designated bank accounts under the pretext of business payments \u2013 such as project financing or investments. Some victims were even asked to disclose personal information such as NRIC and passport details.Lessons learned: Authorities have advised businesses to establish clear protocols for employees to verify the authenticity of any video calls or messages \u2013 particularly those purportedly from senior executives or key stakeholders, and to check for tell-tale signs that could suggest the manipulation of the audio or video through AI technology. Clearly, human behaviour is now the weakest link in technology systems. Social engineering tactics are highly effective in targeting employee emotions like urgency, fear, or authority. Some of the biggest cybersecurity incidents of 2025 began not with hacking, but with tricking an individual. Awareness must outpace this threat.<br \/>\n2025: New threats, new defences<br \/>\nOne of the side effects of digitisation is that most financial entities can now be compromised by criminals from anywhere on the planet. Armed with readily available attack tools, these criminals have more to gain from stealing data than ever before. This puts every layer of the financial services landscape at risk \u2013 from governmental institutions to central banks, to vendors, to individual consumers.<br \/>\nMeeting this hybrid threat demands a patchwork of solutions, including tighter crypto regulations, concerted data security investment, as well as educational programmes for consumers and employees, so that suspicious activity can be flagged early. Oftentimes, a vendor will be compromised via a third-party provider \u2013 so supply chain checks are key.<br \/>\nMany of Finextra\u2019s 2025 cybersecurity news stories ended with a similar message: that vendors were obliged to seek external expertise to effectively respond to a breach. If sensitive data and systemic financial stability is to be ensured, it is time for entities to begin training in-house cybersecurity professionals \u2013 and tackling this issue head on.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The top cybersecurity incidents of 2025 \u2013 and the lessons learned https:\/\/www.finextra.com\/newsarticle\/47096\/the-top-cybersecurity-incidents-of-2025&#8211;and-the-lessons-learned Publish Date: 2025-12-31&#8230;<\/p>\n","protected":false},"author":1,"featured_media":173480,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.finextra.com\/finextra-images\/top_pics\/xl\/security_06.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,30,24,28],"class_list":["post-173479","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-breach","tag-cybersecurity","tag-data-security"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/173479"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=173479"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/173479\/revisions"}],"predecessor-version":[{"id":173481,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/173479\/revisions\/173481"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/173480"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=173479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=173479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=173479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}