2025 is almost upon us! This year showed once again that no one is immune from cyber threats. The digital threat landscape is becoming increasingly complex and attacks are becoming more targeted, sophisticated and impactful. This is precisely why strengthening the cyber resilience of organizations is more important than ever.
In this blog post, we look back at five cyber incidents from 2025 that have stuck with our colleagues the most. We reflect on what went wrong, how the attacks were able to take place and the impact on the organizations involved.
Cyber incident 1: Bevolkingsonderzoek Nederland
In 2025, the personal data of about 485,000 women was stolen from Clinical Diagnostics, the laboratory that conducted cervical cancer research for Bevolkingsonderzoek Nederland. In the attack, cybercriminals gained access to sensitive data, including names, addresses, dates of birth and, in some cases, even the BSN (the Dutch citizen service number).
To put additional pressure on the victim, the attackers temporarily made some of the stolen data public as part of an extortion strategy. Although the data was later taken offline again and the criminals indicated that they would not distribute it further, this does not mean that the risk has completely disappeared. Once data is stolen, the possibility remains that it is in the wrong hands or will still be misused.
In August, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) launched an investigation into the laboratory. Since Clinical Diagnostics did not notify data subjects until quite some time after the data breach was discovered, there is the question of whether this violated the AVG (the Dutch name for the GDPR).
Cyber incident 2: Jaguar Land Rover
When Jaguar Land Rover (JLR) was hit by a cyberattack in late August, the consequences were far greater than just for the company itself. This was not a minor data breach, but an attack that forced Jaguar Land Rover to proactively shut down all its systems and halt production at multiple plants to limit further damage.
Thousands of suppliers were affected and the financial impact was enormous. The five-week production shutdown at JLR resulted in an estimated loss of £1.9 billion, giving this cyber attack the title of most economically damaging cyber attack in U.K. history. More than 5,000 supply chain partners were affected, suffering delayed payments and months of operational setbacks. Exactly what type of attack was involved (e.g., ransomware or another exploit) has not yet been fully publicly confirmed by Jaguar Land Rover itself.
Cyber incident 3: Prosecutor's Office
In the summer of 2025, the Dutch government was hit by a cyber attack via a critical vulnerability in Citrix software, a widely used system for remote access to networks. The National Cyber Security Center (NCSC) warned that this flaw was being actively abused, possibly months before it was made public.
In July 2025, the prosecutor's office (OM) decided to disconnect all systems from the Internet as a precautionary measure to block further access by the attackers. This prevented employees from logging in remotely, receiving emails or sending large files, and access to important digital work environments was limited. The OM was only able to bring systems back online slowly and in a controlled manner, with email being the first function restored. The prolonged offline state created backlogs, increased workloads and logistical problems within the criminal justice chain. Such effects were still felt months later.
Cyber incident 4: Salesforce
A large-scale cyber attack on Salesforce customers exposed more than a billion records and showed how social engineering and third-party integrations can become the weakest links, even if the core platform remains secure. Indeed, the attackers used the infrastructure of Salesforce customers, not the core platform itself, to access data from dozens of large organizations.
In one of the campaigns, the attackers posed as Salesforce IT technicians and used vishing (voice phishing) to trick employees into installing a manipulated version of Salesforce tools. This allowed criminals to gain access to CRM data.
Major brands, including Google, Adidas, KLM, Qantas, Allianz, Dior and Chanel, reported that customer data such as contact information and CRM records had been stolen in this campaign.
Cyber incident 5: Shai Hulud Worm
In September 2025, the open-source world was rocked by Shai-Hulud, a large-scale supply-chain attack on the npm ecosystem. Hackers managed to take over accounts of package maintainers and undetectably insert malicious code into popular software packages.
What was special, and dangerous, about Shai-Hulud was that the malware could spread like a worm. Once an infected package was installed, it automatically stole developer tokens and cloud credentials and used them to infect even more packages, with no manual actions required. This allowed a single breach to spread through entire developer communities at lightning speed.
The campaign affected hundreds to thousands of packages and exposed tens of thousands of developers and CI/CD environments. The attack showed how vulnerable modern software development is when reliance on open-source dependencies is abused.
Good intentions for 2026: strengthen your cyber resilience
The events of 2025 show how cyber threats are evolving faster than ever and that no organization is immune. Attackers' tactics differ, but the consequences are often the same: financial losses, operational chaos and reputational damage.
Looking back at 2025, one thing is clear: cybersecurity is more important than ever and should be a priority in every organization. Make 2026 the year you strengthen your organization's resilience, whether you start with an initial approach or further sharpen existing measures.