How We Got Here: The Cyberattack Timeline That’s Still Unfolding

Most cybersecurity headlines read like isolated events. A company announces a breach. Numbers get reported. People move on. But look at the full picture from late 2024 through today, and a different story emerges — one about how attackers move patiently, stay hidden, and cash in months later. Here’s that story.

February 27, 2026
By the CyberSuite Team

Late 2024

The Quiet Break-Ins Nobody Saw Coming

In the fall of 2024, attackers quietly slipped into the systems of Conduent — a New Jersey-based technology contractor whose software powers Medicaid claims processing, public assistance payments, and toll systems across 46 U.S. states. The intrusion went undetected for months.

At the same time, a group known as Salt Typhoon — linked to Chinese state-sponsored hackers — was already embedded deep inside the networks of major U.S. telecommunications providers, including AT&T and Verizon. They weren’t there to make noise. They were there to listen — intercepting communications in what investigators would later describe as one of the worst telecom espionage operations in American history.

Neither breach was known publicly at the time. Both would have enormous consequences.

2025 — The Year It Spread

Retail, Food, Finance — No Industry Was Safe

Through 2025, a hacking collective known as Scattered Spider — which had already made headlines attacking UK retailers like Marks & Spencer and Co-op — expanded its reach dramatically. Their method wasn’t technical wizardry. It was social engineering: calling employees, impersonating IT helpdesk staff, and talking people into handing over credentials. It worked on some of the world’s biggest brands.

The casualty list grew to include Dior, The North Face, Cartier, Victoria’s Secret, Adidas, and Coca-Cola. Different industries, different systems — same playbook.

Insurance giant Aflac disclosed that over 22 million people had personal health records, insurance details, and medical histories exposed. Meanwhile, a former engineer at South Korean e-commerce giant Coupang quietly exploited an authentication flaw he knew about from the inside — accessing user accounts without proper credentials for months before anyone detected it.

The Substack newsletter platform was also breached in October 2025 — but no one at the company knew. An unauthorized party had silent access to the personal data of nearly 700,000 users for four months before the intrusion was finally discovered in February 2026.

January – February 2026

The Bill Comes Due

The new year didn’t bring a reset — it brought receipts. The Conduent breach, first detected internally in early 2025, was finally disclosed publicly. The damage: up to 25 million people potentially affected. Records spanning names, dates of birth, Social Security numbers, medical records, and insurance information. The Texas Attorney General opened an investigation. Class action lawsuits began stacking up within weeks.

Panera Bread disclosed that a January 2026 attack by the ShinyHunters ransomware group had exposed 5.1 million customer accounts: names, email addresses, phone numbers, and home addresses. When Panera refused to pay the ransom, the group published the stolen data. More lawsuits followed.

Japan Airlines confirmed in February that unauthorized access had compromised customer travel data — names, contact details, and itinerary information — for passengers going back to mid-2024. Thousands were affected, with the breach discovered nearly two years after the initial access window opened.

In healthcare, the University of Mississippi Medical Center was hit hard enough to force outpatient clinic closures and cancellation of scheduled procedures. Cyberattacks on hospitals aren’t just an IT problem — they directly interrupt patient care.

And layered over all of it: AI. A study released this month found that AI-assisted attacks are now compromising systems in as little as 72 minutes from first access. Attackers are using AI to craft more believable phishing emails, automate reconnaissance, and move faster than traditional security teams can manually respond.

The Pattern

What Every One of These Has in Common

Look across all of these incidents and the same threads appear: entry through a vendor, a known vulnerability, or a person who was tricked into opening the door. Months of undetected access. Damage discovered long after it’s already done.

The companies and institutions in these stories weren’t reckless. Many had IT teams and security tools in place. What failed them was fragmented coverage, slow detection, and a reactive posture — gaps that attackers are very good at finding and exploiting.

What This Means for Your Business

You don’t have to be the size of Panera or Conduent to be a target. Attackers increasingly go after smaller businesses precisely because the defenses are weaker. Here’s what every SMB should have locked down:

  • Email security that catches phishing before it reaches your inbox
  • EDR on every device to detect and contain threats in real time
  • MFA on every account — especially email, cloud platforms, and remote access
  • Regular patching so known vulnerabilities don’t become your problem
  • Secure cloud backup so a ransomware attack doesn’t mean starting from zero
  • Vendor risk awareness — know who holds your data and what their security posture looks like

Don’t Wait for Your Own Headline

CyberSuite bundles all of the above into one managed platform built for growing businesses — without the enterprise price tag or the need for an in-house IT team.
