Top news stories this week
- Counting the cost. Co-op reports huge losses from cyberattack as UK government considers helping JLR suppliers.
- Checked out. Attack on Collins Aerospace causes passenger delays at European airports.
- Cyber drive-by. Data breaches hit Stellantis and Volvo.
- Scattered arrests. Continued teen arrests of Scattered Spider affiliates.
- Fix now. SonicWall and SolarWinds announced fixes required to their products.
- A whole lotte trouble. South Korea’s data protection watchdog opens investigation into leading card issuer.
1. Co-op reports huge losses from cyberattack as UK government considers helping JLR suppliers
The Co-operative Group has revealed that the cyberattack on it systems in April this year has resulted in GBP 206m in lost revenue and GBP 80m in profits in the first half of 2025. Meanwhile the UK government is still considering a scheme to help direct suppliers of Jaguar Land Rover components as the car manufacturer is only just putting digital operations back online after it suffered an attack at the end of August.
So what?
The costs of a cyber incident can hit an organization's bottom line and earnings long after the attack, it can also financially impact the wider footprint of an organization with suppliers reliant on trade being hit.
[Researcher: James Tytler]
2. Ransomware attack on Collins Aerospace causes passenger delays at major European airports
US-based Collins Aerospace suffered a cyberattack on its MUSE system, a platform used by multiple airports to support customer check-in, baggage processing and boarding operations. Airports across Europe including Berlin Brandenburg, London Heathrow and Brussels airport had to cancel and delay flights as a result. While the arrest of a UK National in relation to the incident has been made in London, the criminal group responsible is yet to be determined.
So what?
Organizations should maintain their risk register and stay on top of business continuity and disaster recovery planning and testing, particularly those running critical infrastructure and services.
[Researcher: James Tytler]
3. Stellantis and Volvo breaches expose supply chain vulnerabilities
Stellantis reported customer information was compromised in a breach linked to the Salesforce hacks, claimed by the cybercriminal group ShinyHunters. Meanwhile Volvo's breach occurred due to ransomware attack on their HR software service Miljdata, resulting in employee data exposure. Although Volvo itself was not hacked, supply chain vulnerabilities allowed access to sensitive information.
So what?
Companies should maintain regular vetting measures to protect against supply chain vulnerabilities.
[Researcher: Claire Yin]
4. Continued teen arrests of Scattered Spider affiliates
The Las Vegas Police department reported the self-surrender of a teenager suspected to be part of the Scattered Spider cybercriminal network and responsible for the 2023 multi-million dollar hacks on the MGM Resorts and Caesars entertainment. This surprise event follows last week’s arrest of two other ‘Scattered Spiders’ in the UK for their suspected involvement in the TfL hack and the arrest of another 17-year-old in July suspected to be part of the criminal network.
SO WHAT?
Cyberattacks increasingly involve teenage perpetrators, raising questions both on how easily young people can access sophisticated tools and how law enforcement prosecute minors involved in these serious crimes.
[Researcher: Jenny Eysert]
5. SonicWall and SolarWinds announced fixes required to their products
SonicWall suffered a cloud backup file incident as threat actors accessed its MySonicWall service storing backup firewall configuration files of its customers. Its customers are advised to reset the affected credentials following the guidance published by SonicWall.
Separately, SolarWinds released the third hotfix for its Web Help Desk IT ticketing software vulnerability CVE-2025-26399, which allows remote code execution (RCE) without authentication.
So What?
Organizations should reset the credentials and apply the available patches to the affected systems as soon as possible to protect them.
[Researcher: Milda Petraityte]
6. South Korea’s data protection watchdog opens investigation into leading card issuer
Lotte Card, South Korea’s fifth-largest card issuer, is facing an investigation into a data breach which exposed personal data of around 3 million customers. Hackers accessed sensitive financial data in mid-August including credit card numbers and verification codes. Local media has alleged poor cyber security practices by Lotte Card and underinvestment in cyber security by majority owners MBK Partners.
SO WHAT?
Companies and shareholders can be swept into wide-ranging investigations by privacy authorities, particularly when consumer personal data is stolen. Controlling shareholders should be aware of their ongoing liabilities and ensure that commitments to remedying vulnerabilities are correctly carried out.
[Researcher: Lester Lim]
-1-1.jpeg?width=121&height=121&name=MicrosoftTeams-image%20(11)-1-1.jpeg)
