The Weekly Breach Breakdown Podcast by ITRC: Spiderwebs – S6E19

Show Transcript

Welcome back to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown, supported by Sentilink. I’m James E. Lee, the ITRC’s President, and this is the episode for June 20, 2025. Happy first day of summer! Each week, we take a look at the latest news and trends related to data security and privacy. This week, we’re going to talk about a heads-up being issued by cyber threat researchers. However, we’re going to swerve into the rapidly changing cybersecurity policy landscape and ransomware group Scattered Spider – just for fun.

If you ask an artificial intelligence bot how many people in the U.S. are afraid of spiders, it will tell you that up to 50 million people suffer from arachnophobia. I’m not one of them, but I’m close. With that said, not all scary spiders are of the 8-legged freak.

One of the most active ransomware groups today is known as Scattered Spider, and it is fresh off a tour of retail stores in the UK. The prolific cybercrime group back in May cost one of Britain’s largest retailers about $400 million in an attack that shut down the company’s online operations. 

At first, Marks & Spencer called the attack a "cyber incident" but later acknowledged it was a cyberattack that compromised personal information of its customers, including home addresses, telephone numbers and dates of birth, along with impacting store operations. Other retailers hit in the wave attack included Dior, Harrods, the Co-Op Group, as well as businesses based in China and South Korea.

Now, the creepy crawly-named threat actors are headed to the U.S. to attack insurance companies, based on attack patterns noticed by cybersecurity researchers at Google.

“Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers,” according to a Google statement.

If Scattered Spider follows its usual pattern, we can expect to see reports of cyberattacks leading to operational disruptions across the insurance sector shortly. Oh, wait. We have seen an attack at Erie Insurance. However, the company has not released details of the attack or attackers, except to report that their systems are offline, keeping customers from accessing their accounts or employees from processing requests.

All of this Scattered Spider talk comes at a time when efforts to roll back cybersecurity regulations, support and funding at the federal level are accelerating. States are increasingly being asked to pick up the slack, despite having little to no infrastructure or experience. 

The previous presidential directive that would have required software manufacturers to attest that they had provided bug-free software has been replaced with the previous rules that encouraged routine patching to address software flaws. 

The same prior executive order encouraged states to move to digital IDs and provided resources to make that happen to increase identity security. That, too, has been rescinded. Regular followers know the ITRC supports the move to digital IDs as a way to reduce identity crimes including theft, fraud and scams. There are also more Federal data and privacy protection rules on the chopping block.

All the more reason for us to step up our cyber-hygiene game to protect our personal information in a world where there are few resources to help keep us safe, but an overabundance of people seeking to take what is ours.

If you want to learn how to secure your personal or business information or if you’ve been the victim of identity theft, fraud or a scam, speak with an expert ITRC advisor on the phone or via text, chat live on the web or exchange emails during our normal business hours ( 6 a.m.-5 p.m. PST Monday-Friday). Just visit www.idtheftcenter.org to get started. 

Thanks again to Sentilink for supporting this podcast and the ITRC. Please hit the like button for this episode and subscribe where you listen to podcasts. Next week, check out our sister podcast, the Fraudian Slip, when we break down the findings in our 2025 Trends in Identity Report. Until then, thanks for listening.