Latest Weekly Recap: Cybersecurity Violations Reports
In a series of recent cyberattacks, several organizations worldwide have fallen victim to data breaches and system disruptions. Here's a rundown of the incidents:
Workday and House of Commons Suffer Social Engineering Attacks
Workday, a cloud-based human resources software provider, announced a social engineering attack on its third-party Customer Relationship Management (CRM) platform. The breach affected business contact information, including names, email addresses, and phone numbers. Meanwhile, the House of Commons in the UK suffered a cyberattack, with stolen data including names, email addresses, job titles, office locations, and details about the computers and mobile devices used by staff.
Colt Technology Services and STIC Suffer Ransomware Attacks
UK-based Colt Technology Services has confirmed a cyberattack by the WarLock ransomware group, affecting hosting, porting, Colt Online, and Voice API services since August 12. Similarly, Stock in the Channel (STIC), a UK-based digital platform, suffered a ransomware attack on August 12. The attackers exploited a zero-day vulnerability in a third-party application to gain access to STIC's systems, causing extensive damage to its infrastructure.
Conduent Experiences Multiple Cyberattacks
Conduent, an American business services company, has experienced at least two cyberattacks causing call center outages in 2025. These incidents have disrupted Electronic Benefit Transfer (EBT) services for cardholders in several states and the Supplemental Nutrition Assistance Program (SNAP) call centers in six states: Georgia, Delaware, Indiana, Iowa, Oklahoma, and Virginia.
Data Breaches Affecting Sensitive Information
The breach at Inflite The Jet Centre, a Ministry of Defence sub-contractor, has potentially exposed personal data of up to 3,700 Afghans who traveled to the UK between January and March 2024 under the Afghan Relocations and Assistance Policy (Arap). The International Organization for Migration (IOM) in North America also suffered a cyberattack that potentially exposed personal data of thousands of Afghans brought to the United Kingdom under a security initiative.
Cyberattacks Exploiting Known Vulnerabilities
The cyberattack on the Pennsylvania Office of the Attorney General has reportedly exploited a critical flaw CVE-2025-5777 in Citrix NetScaler appliances. Canada's House of Commons has suffered a cyberattack that allegedly exploited a recently uncovered Microsoft's On-Premises Exchange vulnerability (CVE-2025-53786). The WarLock ransomware group is believed to have exploited a Microsoft SharePoint vulnerability (CVE-2025-53770) to breach Colt Technology Services' sharehelp.colt.net platform.
Response and Recovery Efforts
In response to these incidents, teams at affected organizations have been working tirelessly to repair the affected systems. For instance, STIC's teams have been working around the clock to repair the affected systems.
As these incidents highlight, cybersecurity remains a critical concern for organizations worldwide. It is essential for businesses to prioritize cybersecurity measures to protect their data and the personal information of their clients and employees.
