Top Data Breaches In September 2025
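The data breaches of September 2025 spanned multiple industries, including automotive, luxury fashion, aviation, and fintech. By targeting third-party vendors and shared platforms, attackers triggered widespread ripple effects. These incidents highlight the importance of stronger third-party risk management and underscore that enterprises need to prioritize supply chain security and continuous threat management. 2025-10-1 10:42:47 Author: securityboulevard.com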

The top data breaches of September 2025 brought significant incidents across diverse sectors, from automotive and luxury fashion to aviation and fintech. Every event has shown that attackers are focusing on vendor ecosystems and shared platforms, creating ripple effects that extend beyond a single organization.

Whether it was HR information at Volvo, client secrets at Gucci and Balenciaga, airport failures in Europe, or client exposure at Wealthsimple, all of these incidents contribute to the escalating problem of third-party risk management. Below is a detailed breakdown of the top data breaches of September 2025.

Top Data Breaches of September 2025

1. Volvo Employee Data at Risk After HR Supplier Ransomware Breach

Incident Overview

Volvo Group confirmed that it had suffered a data breach resulting from a ransomware attack on its human resources software provider, Miljödata. The attack, which was attributed to the DataCarry ransomware group, started on approximately August 20, 2025. On August 23, Miljödata noticed suspicious activity, and by September 2 its forensic analysis had confirmed that data had been stolen. The exposure came through Volvo's third-party vendor, not directly through Volvo's own IT systems.

What Data Was Exposed

  • Employee first and last names
  • Social Security Numbers (SSNs) for some U.S. employees
  • From Miljödata’s broader client base: email addresses, government IDs, addresses, and dates of birth

Financial, payroll, and insurance data were not impacted, according to Volvo.

Number of Affected Individuals

  • About 870,000 email addresses and records were leaked across Miljödata's clients.
  • At Volvo North America, an unknown number of employees were affected, and their SSNs were confirmed to be at risk.

Business Impact

  • Regulatory exposure: Filing of breach notices with U.S. authorities (including Massachusetts AG).
  • Reputational damage: Trust concerns among employees and partners due to sensitive HR data exposure.
  • Identity theft risk: Leaked SSNs increase chances of fraud and misuse.
  • Supply chain risk: Demonstrates how third-party vendor breaches can cascade into enterprise security incidents.

Company Response

  • Volvo is providing 18 months of free credit monitoring and identity protection to affected employees.
  • The company emphasized that its own internal systems remain secure.
  • Miljödata engaged forensic experts, strengthened monitoring, and is reviewing its security posture.
  • Volvo is reassessing vendor management contracts and requirements to reduce future third-party risk.

Key Lesson

This event demonstrates that third-party risk is enterprise risk. Even when an organization's internal systems are well secured, vendors holding sensitive information may be the weakest link. Mitigating the impact of such supply chain attacks requires constant vendor security testing, rigorous access controls, and clearly defined breach response contracts.

Sources: Cyber Security News

Date: September 25, 2025

2. Gucci, Balenciaga, and Alexander McQueen Private Data Ransomed by Hackers

Incident Overview

Luxury fashion group Kering confirmed that Gucci, Balenciaga, and Alexander McQueen were targeted in a ransomware attack that led to data breaches. Hackers claimed to have stolen sensitive private data from these companies and threatened to leak it unless a ransom was paid. The attack appears to have targeted third-party systems connected to the brands rather than directly breaching their core infrastructure.

What Data Was Exposed

The stolen data reportedly included:

  • Confidential business files
  • Employee information
  • Internal communications
  • Design and operational documents

While customer payment data exposure was not clearly confirmed, the attackers hinted that sensitive files tied to operations and internal processes were among the stolen material.

Number of Affected Individuals

The exact number of those affected has not been published. Given the nature of the brands and of the stolen files, employees, contractors, and even suppliers of the companies may be affected by the breach.

Business Impact

  • Reputational risk: Luxury fashion houses thrive on brand value and exclusivity. Any data leak can harm their image.
  • Financial exposure: Costs could arise from investigations, legal actions, and ransom negotiations.
  • Operational disruption: Sensitive design or business files in criminal hands can expose competitive strategies.

Company Response

The companies have not publicly acknowledged that any ransom was paid. They are reported to be working with cybersecurity professionals to determine the magnitude of the breach and prevent additional leaks. Official statements have been restrained, which indicates that investigations are still under way.

Key Lesson

Even industries that were not viewed as prime cyber targets in the past, such as fashion, now face severe threats. Luxury brands are attractive targets for ransomware groups because of their high-value intellectual property, exclusive client information, and sensitive internal documentation. Improving third-party risk management and continuous monitoring is essential to avoiding such breaches.

Source: BBC

Date: 15 September 2025

3. Cybersecurity Breach at European Airports Highlights Aviation Risks

Incident Overview

Heathrow, Brussels, and Berlin were among the major European airports severely affected on 19 September 2025. The disruption resulted from a cyberattack on Collins Aerospace's passenger processing system (MUSE / vMUSE). Because that system is a common platform for many airlines and airports, the impact of the attack rapidly crossed borders, resulting in a massive operational failure.

What Data Was Exposed

The attack focused on disrupting systems rather than directly stealing passenger data. Nevertheless, the compromised vendor system supported sensitive airline and airport operations, so the risk of exposure cannot be ruled out.

Number of Affected Individuals

Tens of thousands of passengers were stranded amid cancellations and long queues. The actual number of people affected is still under investigation, but the impact spans several European hubs.

Business Impact

  • Flight cancellations and delays led to major revenue loss.
  • Reputational damage for airports and airlines as travelers lost trust.
  • Operational chaos as airports reverted to manual boarding and baggage processes.
  • Regulatory scrutiny due to the incident’s impact on critical infrastructure.

Company Response

  • Airports switched to manual fallback processes to keep limited operations running.
  • Regulators and cybersecurity agencies confirmed it was a ransomware attack.
  • Investigations are ongoing to determine the attackers and strengthen defenses.

Key Lesson

This episode shows that third-party dependencies can become single points of failure. Even the most tightly controlled sectors, such as the aviation industry, can be compromised when vendor systems are breached. Resilience planning, vendor risk management, and strong incident response are as critically important as prevention.

Source: World Economic Forum

Date: 19 September 2025

4. Wealthsimple Breach Underscores Growing Cyber Threats to Fintech Sector

Incident Overview

Wealthsimple, a Canadian online investment and financial services company, announced that it had suffered a security breach that exposed sensitive customer information. The company established that the attackers gained unauthorized access through a compromised third-party vendor account that is part of Wealthsimple's operations. Customer records were accessed, while core banking and trading systems were not impacted.

What Data Was Exposed

  • Basic personal details such as names and email addresses
  • Limited account-related information (no passwords or direct financial transaction data reported)
  • Some metadata tied to account activity

Wealthsimple clarified that no funds were stolen and that payment or banking credentials were not exposed.

Number of Affected Individuals

The company has not released exact figures, but early reports suggest a subset of its Canadian user base was affected. Wealthsimple serves over 3 million users, so even a small percentage represents a significant impact.

Business Impact

  • Reputation hit: As a fintech, any breach undermines customer trust in its ability to safeguard financial data.
  • Operational strain: Internal resources had to be redirected to handle incident response, customer support, and regulatory reporting.
  • Regulatory scrutiny: Fintechs in Canada fall under strict compliance standards, meaning Wealthsimple will likely face deeper reviews of its security practices.

Company Response

  • Immediately cut off access to the compromised third-party account.
  • Engaged external cybersecurity experts to investigate and contain the incident.
  • Notified regulators and began alerting affected customers directly.
  • Implemented additional monitoring and tightened vendor access controls to prevent recurrence.

Key Lesson

This incident highlights that third-party vendor risk is one of the weakest links for fintechs. Even if core infrastructure is secure, external partners with access to systems can become an entry point for attackers. Regular vendor risk assessments, zero-trust access models, and continuous monitoring are essential for fintech companies handling sensitive financial data.

Source: NCFA

Date: 9 September 2025

5. Harrods Cybersecurity Incident Raises Concerns After Customer Data Breach

Incident Overview

Luxury retailer Harrods confirmed a data breach after cybercriminals gained unauthorized access to customer-related data. The attack targeted systems linked to customer services and loyalty programs, raising concerns about privacy and data misuse. While the full scope is still under investigation, early indications suggest a combination of phishing and credential theft tactics was used to breach the environment.

What Data Was Exposed

  • Customer names and contact information
  • Loyalty program details and membership IDs
  • Limited financial information (partially redacted payment details)
  • Purchase history linked to loyalty accounts

No evidence currently points to full credit card numbers being leaked, but exposed personal and behavioral data increases risks of phishing and fraud.

Number of Affected Individuals

Reports suggest tens of thousands of Harrods customers could be impacted, especially those registered with online accounts and loyalty memberships.

Business Impact

  • Potential regulatory scrutiny under UK GDPR and fines from the Information Commissioner’s Office (ICO)
  • Reputational damage to Harrods as a luxury brand trusted with high-net-worth clientele data
  • Increased risk of targeted phishing and scams against customers
  • Financial costs tied to incident response, legal fees, and customer support

Company Response

Harrods stated that:

  • Their security team isolated the breach and contained the threat.
  • Affected customers were notified and advised to monitor suspicious activity.
  • They engaged third-party cybersecurity experts to review systems and strengthen controls.
  • Cooperation with law enforcement and regulators has begun.

Key Lesson

This breach highlights how luxury and retail brands are prime targets due to the financial profile of their customers. Loyalty programs, often overlooked, hold valuable personal data that can be weaponized by attackers. Organizations must apply Continuous Threat Exposure Management (CTEM) and risk-based vulnerability management (RBVM) to proactively discover, prioritize, and remediate risks before attackers exploit them.

Source: BBC

Date: 27 September 2025

Final Words

The September 2025 data breaches emphasize recurring security challenges:

  • Vendor-driven compromises (Volvo, Wealthsimple)
  • Ransomware with sensitive data theft (Gucci, Balenciaga, Alexander McQueen)
  • Critical infrastructure disruption (European airports through Collins Aerospace systems)

Enterprises should not stop at internal security inspections; they should apply equal effort to their vendor ecosystems to reduce exposure. Continuous Threat Exposure Management (CTEM) and Risk-Based Vulnerability Management (RBVM) offer frameworks to identify, evaluate, and rank threats in both direct and third-party environments.

Strobes Security enables organizations to:

  • Continuously map exposures across cloud, SaaS, and supply chain environments
  • Prioritize based on business impact rather than raw vulnerability counts
  • Automate workflows for faster, more consistent remediation
  • Validate risks with Pentesting as a Service (PTaaS) for ongoing assurance

Book a demonstration with Strobes to learn how our integrated platform can help mitigate the risk of breaches and make your security program more robust.

*** This is a Security Bloggers Network syndicated blog from Strobes Security authored by Likhil Chekuri. Read the original post at: https://strobes.co/blog/top-data-breaches-of-september-2025/


Article source: https://securityboulevard.com/2025/10/top-data-breaches-in-september-2025/