{"id":756,"date":"2025-08-21T08:59:04","date_gmt":"2025-08-21T13:59:04","guid":{"rendered":"https:\/\/cmitsolutions.com\/brandon-lakeland-fl-1222\/?p=756"},"modified":"2025-08-25T14:36:21","modified_gmt":"2025-08-25T19:36:21","slug":"recent-data-breaches-aug-2025","status":"publish","type":"post","link":"https:\/\/cmitsolutions.com\/brandon-lakeland-fl-1222\/blog\/recent-data-breaches-aug-2025\/","title":{"rendered":"Recent Data Breaches: What They Mean for Your Business (Aug 2025)"},"content":{"rendered":"

Over the past few weeks, a wave of data breaches has put data security back on the front page. Several large brands confirmed exposure of contact or customer data tied to social engineering campaigns against CRM platforms<\/strong>, and a separate but widespread\u00a0third\u2011party software update defect<\/strong>\u00a0caused major operational outages worldwide. If global enterprises can be disrupted,\u00a0local small and mid\u2011sized businesses<\/em>\u2014often with fewer controls\u2014are attractive targets, too.<\/p>\n

What happened this month?<\/h2>\n

1) Salesforce\u2011related data theft campaign (multiple brands)<\/h3>\n

Multiple companies reported theft of CRM data tied to sophisticated social engineering\/OAuth abuse\u2014activity linked by researchers to the threat actor \u201cShinyHunters\u201d\/UNC6040. Confirmed disclosures include Google and Pandora; industry coverage also names Allianz Life and others. These incidents generally involved\u00a0employee impersonation and malicious OAuth app authorization<\/strong>, not a Salesforce platform exploit.<\/p>\n

2) Cisco.com user data exposed after a vishing attack<\/h3>\n

Cisco disclosed that a social\u2011engineering (voice phishing) scam led to access to a\u00a0third\u2011party cloud CRM<\/em>\u00a0environment, exposing a subset of Cisco.com users\u2019 basic profile data (names, emails, phone numbers, etc.). While not highly sensitive, this information can fuel follow\u2011on phishing and impersonation attempts.<\/p>\n

3) PBS employee contact data leaked on Discord<\/h3>\n

PBS confirmed that corporate contact information for ~4,000 employees\/affiliates was stolen from an internal service and later shared on Discord servers. Even \u201cbasic\u201d org charts and contact lists can accelerate targeted phishing and business email compromise (BEC) attacks.<\/p>\n

4) CrowdStrike incident: a third\u2011party update outage (not a data breach)<\/h3>\n

A faulty content update to the CrowdStrike Falcon agent caused a global Windows outage in July 2024; Microsoft estimates ~8.5 million Windows devices were impacted. While\u00a0not<\/strong>\u00a0a breach, it\u2019s a powerful reminder that\u00a0vendor and update risks<\/strong>\u00a0can cripple operations\u2014especially for organizations without robust continuity plans.<\/p>\n

Why small businesses should care<\/h2>\n