June’s biggest breaches did not start with sophisticated exploits…they started with phone calls and employees who had no reason to doubt the person on the other end of the line. Charter lost 4.9 million accounts after one employee answered one vishing call, and Carnival exposed 6 million customers the same way. According to PKWARE, social engineering is now the primary breach entry vector, and no firewall stops a conversation.
Here is what happened and what it means for your business.

The Breaches
1. Charter Communications (Spectrum): 4.9 Million Accounts, One Phone Call
ShinyHunters breached Charter through a vishing attack that compromised a single employee’s Microsoft Entra account and opened access to Salesforce data containing 4.9 million customer records. Charter maintained no sensitive personal information was released, though breach monitoring services tied the full dataset to the incident. One of those statements is more reassuring than the other.
How it happened: One employee answered one phone call, one account was compromised, and that was enough to open the door to everything behind it.
2. Carnival Corporation: 6 Million Customers, Passport Numbers Included
Carnival disclosed that a single socially engineered employee account exposed nearly 6 million customers, including names, addresses, birth dates, and government ID numbers including passports and driver’s licenses. The Texas Attorney General opened an investigation after more than 800,000 Texans were confirmed affected.
How it happened: The same playbook as Charter, where one compromised employee account put millions of people downstream of a single failure.
3. Nintendo: Years of Employee Data Through a Third-Party Survey Tool
Nintendo confirmed that threat actors stole employee data from TinyPulse, a third-party engagement platform used internally, including names, email addresses, bank statements, W-9 forms, and reports dating back to 2016. Nintendo’s own systems were not compromised, which is the kind of sentence that sounds reassuring until you realize the data is still out there.
How it happened: Nintendo did not get hacked; their survey tool did, and the exposure was still theirs to manage.
4. Foxconn: 8TB Stolen From North American Factories
Foxconn confirmed a ransomware attack by the Nitrogen group on its North American factories, with 8 terabytes of data stolen; the files included schematics, project details, and customer documents tied to Apple, Dell, Google, and Nvidia. Affected factories resumed production, but manufacturing remains the most heavily targeted sector for ransomware with nearly 70% more victims than the next most targeted industry.
How it happened: Ransomware targeting manufacturing operations, consistent with the pattern that has made manufacturing the most attacked industry four years running.
5. Madison Square Garden: The Knicks and Rangers Added to the List
MSG Sports Corp was hit by ShinyHunters ransomware, adding the organization behind the New York Knicks and Rangers to a list that already includes Charter and Carnival from the same month. The full scope of what was stolen is still emerging.
6. FortiBleed: 73,000 VPN Credentials Leaked
A newly discovered leak dubbed FortiBleed exposed Fortinet and FortiGate VPN credentials for 73,932 firewall URLs worldwide. CISA advised impacted organizations to terminate sessions, reset credentials, enable MFA, and review logs immediately.
How it happened: A credential collection from Fortinet devices was compiled and leaked, exposing VPN access points at thousands of organizations that had not rotated or secured their credentials. If your organization runs Fortinet products, CISA’s guidance is the first priority after reading this.
Not sure if your business has exposure from any of June’s incidents? → Schedule a free security assessment with Rob.
What June Is Telling Us
Three of June’s largest breaches came down to one socially engineered employee, with no sophisticated tooling required. The other thread running through the month is third-party exposure: Nintendo’s breach did not touch Nintendo’s systems; the data left through a vendor, the same pattern that defined April and May. Your security posture includes every tool and platform your team uses, whether or not you built it.
Ask yourself the same three questions we come back to every month:
- Does your team know what a vishing attack sounds like and what to do when they receive one?
- Do you know what third-party tools have access to your employee or customer data right now?
- If a vendor you trust gets breached tonight, would you know before your clients do?
If any answer is uncertain, that is where to start.
The businesses that don’t get breached aren’t lucky; they are prepared.
→ Schedule Your Free Security Assessment with Rob
→ Learn More About Our Managed Security Services
Published: Jul 2, 2026
Need IT Support for Your Florida Business?
GiaSpace provides proactive managed IT services, cybersecurity, and local tech support across Florida — with teams in Gainesville, Fort Lauderdale, Jacksonville, and Ocala.
Managed IT Services FloridaCybersecurity Services FLGainesville IT ServicesFort Lauderdale IT Services