Major U.S. Companies Hit by Wave of Cyberattacks in 2025

Companies across the United States are facing an alarming increase in cyberattacks powered by artificial intelligence, with hackers stealing sensitive data and bringing business operations to a standstill.

The latest victim is Fairlife, LLC, a dairy company owned by Coca-Cola, which was forced to temporarily shut down its U.S. production operations after an outside party gained unauthorized access to portions of its computer systems.

Earlier this week, the White House announced it is forming a new coordination group that will bring together AI developers and operators of critical infrastructure. The goal is to share information about cybersecurity weaknesses discovered by advanced AI systems and to work together on responses.

Below is a rundown of U.S. companies that have reported or been impacted by cyber incidents so far this year:

January 26 — Nike: The ransomware group World Leaks claimed on its website to have published 1.4 terabytes of data taken from Nike. The company declined to address the specifics of its investigation or whether any ransom was paid.

January 28 — Bumble, Match Group, Crunchbase, and Panera Bread: Bloomberg News reported that cyberattacks struck Bumble, Match Group, and Crunchbase. Separately, Panera Bread disclosed a security incident involving customer contact information and notified the appropriate authorities.

February 24 — Wynn Resorts: The company confirmed that hackers obtained employee data, triggering an investigation. The attackers demanded the equivalent of roughly $1.5 million in bitcoin.

March 11 — Stryker: A hacking group with ties to Iran claimed credit for an attack on the medical device maker that disrupted order processing, manufacturing, and shipping worldwide. The attackers also wiped remote devices running the Windows operating system. However, Stryker said patient services and connected medical products were not affected.

March 12 — Crunchyroll: Hackers claimed to have taken personal data along with 8 million support ticket records from the subscription-based anime streaming service, including 6.8 million unique email addresses, according to a report by BleepingComputer.

March 28 — Hasbro: The toy company said it was looking into a cybersecurity incident involving unauthorized access to its network. Hasbro took some systems offline and warned customers that order fulfillment could be delayed for several weeks.

April 10 — OpenAI: OpenAI disclosed a security issue after a third-party developer tool called Axios caused a GitHub workflow to download and run a malicious version of Axios. The company said it found no evidence that user data, systems, or intellectual property had been compromised.

April 13 — Take-Two Interactive’s Rockstar Games: The hacking group ShinyHunters claimed it stole nearly 80 million Rockstar Games business records by taking advantage of a third-party breach involving analytics provider Anodot. Rockstar said only a small amount of non-material company information was accessed.

May 4 — West Pharmaceutical Services: The medical equipment maker said a cyberattack involving data theft and system lockdowns disrupted manufacturing and logistics operations around the world. The company took systems offline before eventually restoring operations at its manufacturing, supply chain, and commercial locations.

May 11 — Instructure/Canvas: Instructure, the company behind the widely used Canvas educational learning management system, said a hack linked to ShinyHunters disrupted access and exposed student and school data from nearly 9,000 institutions. The company later reached an agreement under which the group said the stolen data was deleted and customers would not be targeted for extortion.

May 21 — Blank Rome: The law firm said cybercriminals posing as its IT department tricked an attorney into uploading files, exposing the personal information of 57,554 current, former, and prospective clients. The incident is the subject of a proposed class action lawsuit.

May 27 — Carnival: The cruise company said a social-engineering attack compromised an employee account, exposing personal details including names, addresses, and government-issued identification numbers. The company blocked the unauthorized access and notified those affected.

June 11 — Novo Nordisk: The maker of Wegovy said unauthorized individuals copied information from its internal IT systems, including limited clinical trial patient data. The company launched an investigation and temporarily shut down certain internal systems, though it said core operations were not impacted.

June 15 — iRhythm Holdings: The medical technology firm said a threat actor obtained potentially sensitive data — including proprietary information and patient health records — through a social-engineering attack targeting third-party-hosted business applications. A payment demand was later issued, though the company said patient care, medical device systems, and operations remained unaffected.

June 15 — AdaptHealth: The company reported that a “threat actor” stole patient information and insurance billing passwords after a social-engineering attack compromised a third-party contractor’s account, giving the attackers access to cloud-based business applications and internal patient management systems.

June 17 — Fortinet: Researchers reported that a widespread hacking campaign targeting Fortinet firewall and VPN devices compromised approximately 75,000 systems globally, resulting in password theft at Fortune 500 companies and government agencies in more than 15 countries.

July 16 — Coca-Cola Co./Fairlife: The beverage giant said its dairy subsidiary Fairlife temporarily suspended U.S. production operations after unauthorized access to parts of its systems, including production-related systems. The company investigated the incident while working to restore affected operations.