What happens when a state business council’s sensitive data is exposed for anyone to exploit? When ransomware cripples a top pharmaceutical research company? A social engineering hack affects a global productivity software platform? Or when millions of user credentials from a popular payment platform end up for sale on the dark web?

This week’s stories show just how varied and unpredictable cyber threats have become: anyone and anything can be a target. We all need to be alert.

New York Business Council Breach: 47,000+ Affected

The Business Council of New York State confirmed that nearly 47,329 individuals were affected by a data breach discovered in August 2025. The intrusion occurred back in February, but went undetected for almost six months.

The stolen information includes highly sensitive details like names, dates of birth, Social Security numbers, financial data, medical information, and even signatures. Notices are now being sent to affected individuals, with offers of identity protection services.

What’s the Implication of this?

With this range of personal data exposed, victims face a serious risk of identity theft, medical fraud, financial scams, and targeted phishing. The long delay in detection also means criminals have had months to misuse the data.

What You Can Do

• Monitor credit reports and bank accounts for suspicious activity.

• Treat any calls or emails referencing this breach with caution.

• Consider placing a fraud alert or credit freeze with major credit bureaus.

While this breach shows how deeply personal data can be compromised, another attack shows how cybercriminals can disrupt business operations.

Workday Suffers a Social Engineering Attack

Last week, Workday confirmed that hackers carried out a large-scale social engineering campaign through one of its third-party vendors. By impersonating IT and HR staff, attackers tricked employees into handing over personal details and credentials. This allowed them to access customer support tickets containing names, emails, and phone numbers—information that could fuel further phishing campaigns. Workday stressed that no core customer data on its servers was compromised.

What’s the Implication of this?

Even without direct access to Workday’s servers, attackers now hold valuable customer contact details. This opens the door to more convincing phishing and credential theft attempts, especially since Workday serves over 11,000 organizations, including 60% of the Fortune 500. The incident highlights how supply-chain and vendor weaknesses can become an entry point for large-scale cyberattacks.

What You Can Do

• Be cautious of emails, calls, or texts asking for sensitive information, especially if they appear to come from HR or IT.

• Verify suspicious requests through official channels before responding.

• Enable MFA wherever possible to limit damage if credentials are stolen.

• Train employees regularly to recognize social engineering red flags.

Inotiv Ransomware Attack: Operations Disrupted

Inotiv suffered a ransomware attack in early August 2025 which disrupted internal systems. This forced the company to disable multiple applications while it investigates and attempts restoration.

While the company has confirmed the attack, it hasn’t disclosed whether any sensitive client or employee data was stolen. However, the disruption has already affected operations and required formal reporting to the U.S. Securities and Exchange Commission (SEC).

What’s the Implication of this?

This attack indicates that ransomware doesn’t just steal data but can grind operations to a halt which costs money, trust, and time. Even if no personal information is leaked, clients and partners may still face delays, uncertainty, and potential secondary risks.

What You Can Do

• Ensure your organization has secure, tested backups in place.

• Train employees to spot phishing emails that often trigger ransomware.

• Review contracts with vendors to understand how a partner’s breach could affect you.

And while Inotiv fights to restore its systems, another headline reveals a threat hitting individuals worldwide.

15.8 Million PayPal Credentials for Sale on Dark Web

In mid-August 2025, security researchers discovered that nearly 15.8 million PayPal account credentials are being sold on a dark web forum. The data includes email addresses and plain-text passwords.

PayPal has not confirmed any new breach of its systems. The company clarified that the leaked data is related to a 2022 security incident, not a fresh compromise. Independent experts suggest the credentials were most likely harvested by infostealer malware infecting users’ devices, rather than stolen directly from PayPal.

What’s the Implication of this?

Even if your PayPal account isn’t directly compromised, hackers could use stolen credentials to attempt logins on other services you use. Credential-stuffing attacks can lead to drained bank accounts, stolen identities, and unauthorized purchases.

What You Can Do

• Change your PayPal password immediately, and anywhere else you use the same one.

• Enable multi-factor authentication (MFA) for an extra layer of protection.

• Use a password manager to create strong, unique passwords for every account.

These three incidents are different but equally serious threats – massive data exposure, business shutdowns, and credential theft. Cyberattacks can take any form and what you think would never be weaponized, often is. You need to be informed and prepared so you don’t become a victim.

This is exactly our mission at Cyberkach, to help you stay safe. We achieve this through our Cyber Awareness training, resources, podcasts, and webinars.

Want to stay resilient in the face of emerging cyberthreats? Contact us to help. Also, subscribe to our Blog for regular insights and updates on how to protect yourself and your organisation from cyber risks.