SecureFact – Cyber Security News – Week of June 30, 2025

Data Breaches

Ahold Delhaize, a major multinational grocery and retail company, disclosed a ransomware attack in November 2024 that resulted in a data breach affecting over 2.2 million individuals, including nearly 100,000 residents of Maine.
The attackers accessed internal U.S. business systems and stole personal, financial, health, and employment-related information, such as names, contact details, Social Security numbers, driver’s license numbers, bank account data, and medical records.
The breach impacted several U.S. brands under Ahold Delhaize, including Food Lion, Stop & Shop, Giant Food, Hannaford, and The Giant Company. Although the company confirmed data theft, it stated there is no indication that customer payment or pharmacy systems were compromised.
The ransomware group INC Ransom claimed responsibility for the attack and posted stolen data samples on the dark web. Affected individuals are being notified and offered two years of free credit monitoring and identity protection services. Ahold Delhaize continues to investigate the incident and cooperate with law enforcement.

McLaren Health Care disclosed a ransomware attack in July 2024 that impacted approximately 743,000 patients. The attack, attributed to the INC ransomware gang, was discovered on August 5, 2024, but forensic investigations to identify affected individuals were only completed by May 2025.
The breach caused outages in IT and phone systems across McLaren’s network of 14 hospitals in Michigan and Indiana.
The attackers maintained access from July 17 to August 3, 2024, compromising patient databases and exposing full names and possibly other sensitive data.
This is McLaren’s second major breach in recent years, following a July 2023 attack by the ALPHV/BlackCat ransomware group that affected 2.2 million people. McLaren continues to investigate the incident and notify impacted patients.

Hawaiian Airlines disclosed a cyberattack that disrupted access to some of its IT systems but confirmed that flight operations were not affected.
The airline, which operates over 230 daily flights connecting Hawai’i with multiple destinations, stated that passenger safety and flight schedules remain intact. Upon detecting the incident, Hawaiian Airlines engaged external cybersecurity experts and relevant authorities to investigate and remediate the situation.
The exact nature of the attack, including whether it involved ransomware, has not been publicly revealed, and no cybercriminal group has claimed responsibility.
This incident follows similar cyberattacks on other North American airlines like WestJet, which also experienced system disruptions without impacting flights.
The FBI and cybersecurity firms have warned that the Scattered Spider hacking group is increasingly targeting the aviation sector, using social engineering and other tactics to breach airline systems. Hawaiian Airlines continues to monitor and address the situation while assuring customers that travel remains unaffected.

Nucor, North America’s largest steel producer and recycler, confirmed that hackers stole data during a recent cybersecurity breach. The incident led to temporary limitations on access to some IT systems and forced the company to halt production at certain facilities as a precaution.
Nucor has notified law enforcement and engaged external cybersecurity experts to investigate and recover from the attack. The company has since restored affected systems and believes the threat actors have been removed from its network.
Details such as the breach discovery date or attack type have not been disclosed, and no ransomware group has claimed responsibility. Nucor is currently reviewing the stolen data and will notify impacted parties as required by law.

A massive database containing over 16 billion leaked passwords from multiple past breaches has been uncovered, making it one of the largest collections of stolen credentials ever found.
The data includes login details from major platforms such as Google, Facebook, Apple, and GitHub, gathered over several years from phishing and malware campaigns.
Experts warn this collection enables widespread credential stuffing and account takeovers, especially since many users reuse passwords.
Google and Meta confirmed they were not the source of the leak and urged users to adopt stronger security measures like two-factor authentication and passkeys.
To protect accounts, users should use password managers, enable 2FA, and avoid reusing passwords. This breach underscores the urgent need for better password hygiene and modern authentication methods.