Call Us For A AreWeAFit Consultation (954) 507-3475

June’s biggest breaches did not start with sophisticated exploits…they started with phone calls and employees who had no reason to doubt the person on the other end of the line. Charter lost 4.9 million accounts after one employee answered one vishing call, and Carnival exposed 6 million customers the same way. According to PKWARE, social engineering is now the primary breach entry vector, and no firewall stops a conversation.

Here is what happened and what it means for your business.

The Breaches

1. Charter Communications (Spectrum): 4.9 Million Accounts, One Phone Call

ShinyHunters breached Charter through a vishing attack that compromised a single employee’s Microsoft Entra account and opened access to Salesforce data containing 4.9 million customer records. Charter maintained no sensitive personal information was released, though breach monitoring services tied the full dataset to the incident. One of those statements is more reassuring than the other.

How it happened: One employee answered one phone call, one account was compromised, and that was enough to open the door to everything behind it.

2. Carnival Corporation: 6 Million Customers, Passport Numbers Included

Carnival disclosed that a single socially engineered employee account exposed nearly 6 million customers, including names, addresses, birth dates, and government ID numbers including passports and driver’s licenses. The Texas Attorney General opened an investigation after more than 800,000 Texans were confirmed affected.

How it happened: The same playbook as Charter, where one compromised employee account put millions of people downstream of a single failure.

3. Nintendo: Years of Employee Data Through a Third-Party Survey Tool

Nintendo confirmed that threat actors stole employee data from TinyPulse, a third-party engagement platform used internally, including names, email addresses, bank statements, W-9 forms, and reports dating back to 2016. Nintendo’s own systems were not compromised, which is the kind of sentence that sounds reassuring until you realize the data is still out there.

How it happened: Nintendo did not get hacked; their survey tool did, and the exposure was still theirs to manage.

4. Foxconn: 8TB Stolen From North American Factories

Foxconn confirmed a ransomware attack by the Nitrogen group on its North American factories, with 8 terabytes of data stolen; the files included schematics, project details, and customer documents tied to Apple, Dell, Google, and Nvidia. Affected factories resumed production, but manufacturing remains the most heavily targeted sector for ransomware with nearly 70% more victims than the next most targeted industry.

How it happened: Ransomware targeting manufacturing operations, consistent with the pattern that has made manufacturing the most attacked industry four years running.

5. Madison Square Garden: The Knicks and Rangers Added to the List

MSG Sports Corp was hit by ShinyHunters ransomware, adding the organization behind the New York Knicks and Rangers to a list that already includes Charter and Carnival from the same month. The full scope of what was stolen is still emerging.

6. FortiBleed: 73,000 VPN Credentials Leaked

A newly discovered leak dubbed FortiBleed exposed Fortinet and FortiGate VPN credentials for 73,932 firewall URLs worldwide. CISA advised impacted organizations to terminate sessions, reset credentials, enable MFA, and review logs immediately.

How it happened: A credential collection from Fortinet devices was compiled and leaked, exposing VPN access points at thousands of organizations that had not rotated or secured their credentials. If your organization runs Fortinet products, CISA’s guidance is the first priority after reading this.


Not sure if your business has exposure from any of June’s incidents? → Schedule a free security assessment with Rob.


What June Is Telling Us

Three of June’s largest breaches came down to one socially engineered employee, with no sophisticated tooling required. The other thread running through the month is third-party exposure: Nintendo’s breach did not touch Nintendo’s systems; the data left through a vendor, the same pattern that defined April and May. Your security posture includes every tool and platform your team uses, whether or not you built it.

Ask yourself the same three questions we come back to every month:

  1. Does your team know what a vishing attack sounds like and what to do when they receive one?
  2. Do you know what third-party tools have access to your employee or customer data right now?
  3. If a vendor you trust gets breached tonight, would you know before your clients do?

If any answer is uncertain, that is where to start.

The businesses that don’t get breached aren’t lucky; they are prepared.

→ Schedule Your Free Security Assessment with Rob

→ Learn More About Our Managed Security Services

Published: Jul 2, 2026

Need IT Support for Your Florida Business?

GiaSpace provides proactive managed IT services, cybersecurity, and local tech support across Florida — with teams in Gainesville, Fort Lauderdale, Jacksonville, and Ocala.

Managed IT Services FloridaCybersecurity Services FLGainesville IT ServicesFort Lauderdale IT Services
author avatar
Gabriela Noce
Gabriela Noce is the Chief Marketing Officer at GiaSpace, leading branding, digital strategy, and performance marketing to drive business growth. With expertise in content marketing, SEO, and creative campaigns, Gabriela translates complex IT topics into clear, relevant content for business leaders. She brings a data-driven mindset to ensure GiaSpace's messaging is helpful and client-focused.

Proven IT Results, Verified by Reviews

Get IT Help Now