Cyber Insights series: September 2025 – this month in cybersecurity

Welcome back to our monthly Cybersecurity Insights blog series, where we break down the most impactful cyber events shaping the global threat landscape. September 2025 was a stark reminder of how cyber attacks can ripple across industries – from healthcare and automotive to national infrastructure – causing disruption and financial loss.

Craig Lusher, Product Principal of Secure Solutions dives into three major incidents that dominated headlines during the month.

FinWise insider breach: 689,000 customers exposed

In a stark reminder of the risks posed by insider threats, FinWise Bank disclosed a breach affecting 689,000 customers of American First Finance (AFF). A former employee accessed sensitive customer data – including names, Social Security numbers, and financial account details.

The breach, discovered in June 2025, originated from residual access privileges left in an archived service account. The insider used direct SQL queries and unmonitored API endpoints to exfiltrate data from AFF’s production database.

Affected individuals have been offered 12 months of complimentary identity theft protection and credit monitoring. But multiple class action lawsuits have already been filed against FinWise. The company has since implemented stricter access controls, forensic monitoring, and quarterly security audits to prevent future incidents.

C8 Secure perspective: The FinWise breach is a textbook example of how residual access, unmonitored endpoints, and insufficient offboarding protocols can lead to massive data exposure. Insider threats – whether malicious or accidental – are among the most difficult to detect and prevent, especially in financial services where data sensitivity is high and regulatory scrutiny is intense.

Jaguar Land Rover: A billion-dollar shutdown

On September 1, Jaguar Land Rover (JLR) was forced to halt production across its UK facilities following a sophisticated cyber attack attributed to the hacker collective “Scattered Spider,” also known as LAPSUS$ and ShinyHunters.

The attack disrupted over 800 systems, impacting manufacturing, retail operations, and supply chains. Production losses are estimated at $6.6 million per day, with total damages potentially exceeding $2.67 billion. The UK government stepped in with a £1.5 billion loan guarantee to stabilize the supply chain and support affected suppliers.

C8 Secure perspective: While JLR has begun a phased restart of operations, the incident serves as a wake-up call for the automotive industry. As vehicles become more connected and reliant on digital infrastructure, robust cybersecurity measures are no longer optional – they’re essential.

Heathrow airport cyber attack: Aviation disrupted across Europe

On the night of September 19, a cyber attack on Collins Aerospace’s Muse platform – a cloud-based check-in and boarding system – crippled operations at Heathrow, Brussels, and Berlin airports. The incident forced airlines to revert to manual check-in procedures, resulting in hundreds of delays, dozens of cancellations, and frustrated passengers across Europe.

While aviation safety and air traffic control were unaffected, the disruption exposed the fragility of legacy systems still in use at many airports. Heathrow reported that 90% of flights experienced delays, with an average wait time of 34 minutes.

C8 Secure perspective: Though no data breach was reported, the attack has raised concerns about third-party vulnerabilities and the need for modernized, resilient infrastructure in aviation. Speculation about state-sponsored involvement remains unconfirmed, but the incident has prompted calls for greater transparency and investment in cybersecurity across the sector.

Key takeaways

• Supply chain resilience is critical: JLR’s shutdown impacted thousands of jobs and suppliers.
• Transportation infrastructure is vulnerable to third–party failures.
• Insider threats are often overlooked, but the FinWise breach shows how damaging they can be – especially when access controls are not rigorously enforced.

Cybersecurity solutions for a safer tomorrow

As we move into Q4, organizations must prioritize proactive cybersecurity strategies, invest in resilient infrastructure, and ensure incident response plans are tested and ready. The stakes have never been higher.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started