SecureFact – Cyber Security News – Week of April 28, 2025

British retailer Marks & Spencer (M&S) has temporarily suspended online orders following a cyberattack that disrupted several of its services, including contactless payments and Click & Collect orders.
While customers can still browse products on the website and apps, the company has paused new online orders as a precaution, and physical stores remain open.
Orders already placed are being held at stores indefinitely due to ongoing technical issues.
M&S announced the incident publicly through a London Stock Exchange press release and is collaborating with external cybersecurity experts to investigate and resolve the situation.
Although no ransomware group has claimed responsibility and no immediate data breach is expected, there remains a risk of data misuse if ransomware is involved.
The company has expressed gratitude for customer and partner support and is focused on restoring full service as quickly as possible.

Baltimore City Public Schools experienced a data breach in February 2025, affecting over 31,000 individuals, including current and former employees, volunteers, contractors, and approximately 1,150 students.
The cyberattack compromised sensitive information such as social security numbers, driver’s license and passport numbers, student data, call logs, absenteeism records, and maternity status.
The breach was linked to the Cloak ransomware group, known for targeting small to medium-sized organizations. Following the incident, the school district notified law enforcement, conducted a thorough investigation with external cybersecurity experts, and is now offering free credit monitoring services to those impacted.
This breach is part of a troubling pattern of ransomware attacks affecting Baltimore’s public institutions in recent years.

Yale New Haven Health (YNHHS), Connecticut’s largest healthcare network, suffered a cyberattack in March 2025 that exposed the personal data of approximately 5.5 million patients.
The breached information includes names, dates of birth, addresses, phone numbers, email addresses, race/ethnicity, Social Security numbers, patient types, and medical record numbers, but notably excludes financial details, medical records, and treatment information.
YNHHS detected unusual activity on March 8, quickly contained the incident, and engaged Mandiant for forensic investigation while notifying federal authorities. Starting April 14, affected patients were informed and offered complimentary credit monitoring and identity protection services, particularly those whose Social Security numbers were compromised.
The breach has prompted class action lawsuits, although no ransomware group has claimed responsibility yet. YNHHS continues to work on system restoration and mitigation efforts to prevent further harm.

Blue Shield of California disclosed a data breach that exposed the protected health information of 4.7 million members to Google’s analytics and advertising platforms due to a misconfiguration of Google Analytics on some of its websites.
The exposure occurred between April 2021 and January 2024, allowing sensitive data such as insurance plan details, member identifiers, medical claim dates, provider information, and “Find a Doctor” search results to be potentially shared with Google Ads.
Although Social Security numbers, driver’s license numbers, and financial information were not exposed, the breach raised concerns about privacy and targeted advertising based on health data.
Blue Shield has advised members to monitor their accounts for suspicious activity but has not offered identity theft protection services or confirmed if individual notifications will be sent.
This incident follows another major breach last year involving nearly one million members affected by ransomware targeting the company’s software provider.

MTN Group, Africa’s largest mobile network operator with nearly 300 million subscribers across 20 countries, announced a cybersecurity incident that compromised the personal information of some customers in certain markets.
While the company’s core network, billing systems, and financial services infrastructure remain secure and operational, an unknown third party claims to have accessed customer data.
MTN is still investigating the exact scope and impact of the breach and has notified South African police and relevant data protection authorities.
Affected customers will be informed soon.
The company advises customers to place fraud alerts on credit reports, keep apps updated, use strong passwords, avoid suspicious links, never share sensitive credentials, and enable multifactor authentication.
No ransomware group has claimed responsibility yet, and MTN has not disclosed which specific markets were affected.