Data Breaches Dominate Cybersecurity Landscape on November 18, 2025

On November 18, 2025, significant cybersecurity incidents brought to light the persistent vulnerabilities that organizations face in today's digital landscape. Notably, DoorDash confirmed a security breach resulting from social engineering that compromised sensitive customer information, including names, email addresses, and phone numbers of potentially millions of users across various countries. This incident underscores the susceptibility of even established consumer platforms to targeted attacks on employees' credentials.

In another major incident, the University of Pennsylvania experienced a breach that leaked personal data of approximately 1.2 million students, alumni, and donors. The breach was exacerbated by threatening emails warning of further disclosures, highlighting the dangers posed by third-party risks in data security.

Additionally, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) flagged critical vulnerabilities in software from SolarWinds and Ivanti, which are reportedly being actively exploited. These incidents signal an urgent need for organizations to fortify their cybersecurity practices in the face of evolving threats, particularly in the realm of social engineering and software vulnerabilities.