Cyber Insights series: August 2025 – this month in cybersecurity

In this Cybersecurity Insights blog series, Craig Lusher, Product Principal of Secure Solutions at C8 Secure, explores the latest cybersecurity developments, threat trends and actionable strategies to mitigate emerging risks.

Craig provides an assessment of significant cybersecurity developments in August, highlighting critical incidents such as the ongoing cyber attacks by the threat actor ShinyHunters, the devastating impact of targeted phishing campaigns, the occurrence of cyber threats beyond enterprise boundaries and instances involving repeat cyber attack victims.

ShinyHunters’ sustained attack activity

In the previous Cyber Insights blog, we reported ShinyHunters as being responsible for a series of attacks against a number of global luxury and retail brands. These instances are now understood to be part of a coordinated social engineering campaign targeting Salesforce CRM environments. The tactic: attackers pose as IT support staff, instructing employees to enter a provided code into Salesforce’s “Connect an App / enter code” interface and grant them access to CRM records via the Salesforce API.

These sophisticated social engineering tactics have resulted in further breaches in August, most notably at Google (August 5) and Workday (August 6) – the latter a leading provider of enterprise cloud applications for finance, HR and workforce management. Google disclosed that the affected data was “basic and largely publicly available business (contact) information,” while Workday reported that only “commonly available business contact information” was exposed. This incident follows a growing roster of high-profile victims, including Adidas, Allianz, Cisco, Dior, LifePandora, Louis Vuitton, Qantas and Tiffany.

C8 Secure perspective: The human element continues to be the most significant vulnerability in cybersecurity defense. To address this risk, we recommend employee training programs focused on recognizing and responding to phishing tactics, conducting frequent phishing simulations to identify potential weaknesses, deploying advanced mobile endpoint protection, enforcing robust multi-factor authentication (MFA) and maintaining vigilant monitoring of account activities for anomalous or unauthorized behavior.

New York-based luxury property firm defrauded in $19M phishing incident

Milford Entities/Management Company, a prominent NYC firm managing luxury properties, reportedly lost nearly $19 million as a result of a single phishing email received in early July. The phishing message led to the inadvertent transfer of the enormous sum to a fraudulent bank account under the name of Battery Park City Authority. The Department of Homeland Security has since launched a multi-agency investigation into the attack.

C8 Secure perspective: This incident illustrates the effectiveness and potentially catastrophic impact of phishing attacks – with profound financial, operational and reputational consequences. Enterprises and organizations must continue to prioritize the development of a robust ‘human firewall’ by deploying the strategic measures as outlined in the aforementioned ShinyHunters case.

University breach locks out staff and students

During the weekend of August 9, the University of Western Australia (UWA) – a leading Australian academic institution – experienced a data breach that compromised password credentials for thousands of staff and students. In response, all accounts were immediately locked and passwords reset. The school has reported that there is currently no evidence that additional data was accessed, and academic activities continued as scheduled.

C8 Secure perspective: UWA’s Chief Information Officer, Fiona Bishop, stated that the university is intensifying its cybersecurity posture in the face of escalating sector-wide threats. In addition to these efforts, we recommend UWA adopting a proactive cybersecurity model, which includes regular vulnerability assessment and penetration testing (VAPT), continuous network monitoring for anomalous behavior and automated incident response to isolate compromised systems and mitigate risks in real time.

French retailer Auchan experiences another data breach

On August 21, French retailer Auchan was subjected to a cyber attack resulting in the exposure of loyalty account information for several hundred thousand customers. While names, email addresses, phone numbers and loyalty card numbers were compromised, sensitive information such as bank details, loyalty card PINs and rewards points remain secure. The company acted swiftly to notify impacted customers. Notably, this is Auchan’s second major breach involving customer loyalty data within a year, with a similar incident in November 2024.

C8 Secure perspective: Auchan has responded with a series of immediate security enhancements, including the expedited rollout of MFA for internal systems, improved network monitoring and mandatory cybersecurity training for all personnel. While these steps are commendable, we also recommend instituting ongoing security audits, thorough internal and external assessments and scheduled pen testing to proactively identify and remediate security gaps. Leveraging a 24/7 Security Operations Center (SOC) with advanced threat detection and SIEM capabilities would also help facilitate early threat identification and comprehensive incident mitigation, helping to prevent future attacks.

Cybersecurity solutions for a safer tomorrow

C8 Secure provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your organization’s digital assets in the face of evolving cyber threats.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started