> series: anatomy_of_a_breach —— part: 204 —— year: 2025 —— verdict: uk_worst_year_ever —— ms: £1.9B —— bybit: $1.4B —— passwords: dead<span class="cursor-blink">_</span>_
2025 was the most devastating year for UK corporate cybersecurity on record. Marks & Spencer's £1.9 billion DragonForce ransomware attack impacted UK GDP growth — the first time a single corporate breach demonstrably affected national economic output. Co-op and Harrods were targeted in the same coordinated campaign, prompting emergency NCSC guidance. Jaguar Land Rover's manufacturing was halted during peak registration season. And Collins Aerospace ransomware disrupted Heathrow and other European airports.
Globally, Bybit lost $1.4 billion in the largest cryptocurrency theft ever. Three Chinese APT groups exploited a SharePoint zero-day to compromise 400+ organisations including US nuclear security. The Salesforce ecosystem breach was dubbed the 'SolarWinds moment for SaaS.' And 16 billion stolen credentials were discovered — proving conclusively that password-only authentication has failed. Seventeen years of this series. As the BBC reported on M&S and the NCSC issued emergency retail guidance, the root causes remain unchanged. The consequences have never been higher.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call| # | Breach | Key Lesson |
|---|---|---|
| 193 | PowerSchool | 62M students. Grades. Medical records. Ransom paid. 19-year-old pleads guilty. |
| 194 | Bybit ($1.4B) | Largest crypto heist ever. Lazarus Group. Cold wallet signing compromised. |
| 195 | Oracle Cloud + NYU | Legacy cloud claims. 3M applicants since 1989. Legacy risk everywhere. |
| 196 | Marks & Spencer | UK: £1.9B. GDP impact. Most expensive UK breach ever. DragonForce ransomware. |
| 197 | UK Retail Siege | UK: M&S + Co-op + Harrods. Coordinated campaign. NCSC emergency guidance. |
| 198 | SAP NetWeaver | Enterprise backbone under attack. 400K organisations at risk. Patch urgently. |
| 199 | SharePoint Zero-Day | 400+ orgs including NNSA. Three Chinese groups. Platform concentration risk. |
| 200 | Collins / Airports | UK: Heathrow + Brussels + Berlin. Shared aviation system. Manual check-in. |
| 201 | Jaguar Land Rover | UK: Manufacturing halted. Staff sent home. Revenue impacted. Peak period. |
| 202 | Salesforce Ecosystem | 200+ companies. Chatbot integration. 'SolarWinds moment for SaaS.' |
| 203 | 16 Billion Credentials | Infostealer aggregation. 20x Collection #1. Passwords are dead. |
| 204 | 2025 Year in Review | UK worst year. M&S £1.9B. JLR halted. GDP impacted. Seventeen years complete. |
With 204 articles across seventeen years, the Anatomy of a Breach series has documented the complete arc from HMRC's lost CDs to Marks & Spencer's £1.9 billion catastrophe. The root causes have not changed in seventeen years: unpatched systems, absent MFA, social engineering, supply chain trust, and the persistent gap between policy and implementation. But 2025 proved that the consequences have reached a new level — impacting UK GDP, halting manufacturing at Britain's largest car maker, and disrupting major airports. The controls remain the same. The urgency has never been greater.
Penetration testing. Cyber Essentials certification. Social engineering testing. SOC in a Box monitoring. Incident response capability. Seventeen years of evidence. 204 articles. One conclusion. Implement these controls. The organisations that do survive. The rest fill these pages. The series continues into 2026.
<a href="/penetration-testing">Test</a>. <a href="/cyber-essentials">Certify</a>. <a href="https://www.socinabox.co.uk">Monitor</a>. <a href="https://www.cyber-defence.io">Prepare</a>. Because £1.9 billion is the cost of inaction.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call