Data breaches, leaks, ransomware attacks, digital extortion, and state-sponsored attacks continued to be a persistent concern in 2025, amid significant geopolitical events and policy changes initiated by the U.S. government. Several high-profile incidents highlighted vulnerabilities in data security across various sectors.

One notable trend involved attacks targeting third-party integrations with major platforms. In at least two instances, attackers successfully extracted data from Salesforce by compromising its contractors, rather than directly breaching Salesforce itself. Gainsight and Salesloft were among the affected third-party integrations.

Google's Threat Intelligence Group issued a report in August detailing one such incident, revealing that data from Google Workspace was compromised through a breach of Salesloft's Drift platform, a sales and marketing tool. While not a direct attack on Google Workspace, the incident raised concerns about the security risks associated with interconnected platforms and the potential for cascading breaches. The report emphasized the importance of robust security measures across all integrated services to prevent such incidents.

The breaches underscored the increasing sophistication of cyberattacks and the challenges organizations face in securing their data, particularly when relying on third-party vendors. Security experts have advised companies to conduct thorough risk assessments of their vendors and implement stringent security protocols to mitigate potential vulnerabilities. The incidents also prompted discussions among policymakers regarding the need for stricter regulations and oversight of data security practices, especially concerning third-party relationships.