Data Breach Report: April 2025 Edition


April 2025 marked a concerning month in cybersecurity, with data breaches impacting a wide array of industries—from healthcare and finance to telecommunications and even professional sports. Millions of individuals had their sensitive data compromised as a result of ransomware attacks, third-party vulnerabilities, software misconfigurations, and unauthorized access incidents. High-profile organizations like Yale New Haven Health System, Blue Shield of California, and NASCAR found themselves in the crosshairs, while software providers like Cleo became conduits for broader compromise across their customer bases.
This report outlines the most significant data breaches disclosed in April 2025, highlighting the scale, causes, and data exposed in each incident to shed light on emerging cyber threats and the ongoing challenges of securing personal and organizational information.
Yale New Haven Health System
Yale New Haven Health System (YNHHS) is a large, integrated healthcare delivery system serving patients across Connecticut and parts of Rhode Island. In April 2025, YNHHS disclosed a significant data breach stemming from unauthorized access to their network in March. This incident compromised the personal and medical information of millions of individuals.
Scale of the Breach: Approximately 5.5 million individuals were affected by this cybersecurity incident.
Type of Data Exposed: A range of sensitive data was compromised, including names, dates of birth, addresses, contact information, race/ethnicity, Social Security numbers, and medical record numbers.
Cause of the Breach: Detected on March 8, 2025, the breach has not been officially attributed, but it was likely a ransomware attack in which unauthorized access led to the exfiltration of data.
Official Notification: https://www.ynhhs.org/news/yale-new-haven-health-notifies-patients-of-data-security-incident
Cleo’s File Transfer Platform
Cleo provides file transfer software, and recently, its platform was affected by a security vulnerability. This vulnerability was exploited by cybercriminals, resulting in data breaches at organizations that utilize Cleo’s software for file transfers.
Scale of the Breach: The breach has impacted multiple organizations, with data being exfiltrated from companies like Hertz and WK Kellogg.
Type of Data Exposed: The data exposed varies, but includes sensitive information such as employee records, personal data, and confidential business files.
Cause of the Breach: The breach was caused by the exploitation of vulnerabilities in Cleo’s file transfer software, including flaws that allowed unauthorized file uploads/downloads and command execution.
VeriSource Services
VeriSource Services, a Texas-based company providing employee benefits and HR administration services, experienced a significant data breach. The company disclosed that a cyberattack on April 14, 2025, initially detected in February 2024, compromised the personal information of approximately 4 million individuals.
Scale of the Breach: Approximately 4 million individuals were affected.
Type of Data Exposed: Sensitive personal information, including full names, addresses, dates of birth, gender information, and Social Security Numbers.
Cause of the Breach: The exact cause has not been publicly disclosed, but it involved “unauthorized access” to VeriSource’s network.
Official Notification: http://www.verisource.com/Incident.html
Blue Shield of California
Blue Shield of California, a major health insurance provider, experienced a data breach affecting approximately 4.7 million members due to a misconfiguration of Google Analytics on some of its websites. This error, which occurred between April 2021 and January 2024, inadvertently shared protected health information with Google’s advertising services.
Scale of the Breach: Approximately 4.7 million Blue Shield of California members were affected.
Type of Data Exposed: Protected health information including insurance details, demographic information, service dates, providers, patient names, financial responsibility, and search activity.
Cause of the Breach: A misconfiguration of Google Analytics on certain Blue Shield websites.
Official Notification: https://news.blueshieldca.com/notice-of-data-breach
DBS Group and Bank of China
DBS Group and Bank of China (Singapore branch) both use Toppan Next Tech (TNT) for printing services related to customer statements and letters. In early April 2025, TNT reported a ransomware attack on its systems, which led to the extraction of some customer data belonging to both banks.
Scale of the Breach:
- DBS: Approximately 8,200 customers had their statements or letters potentially compromised. The majority of these related to DBS Vickers (brokerage) accounts and some Cashline (short-term loan) accounts.
- Bank of China (Singapore): Around 3,000 personal banking customers were affected, whose paper notifications were printed and distributed by TNT.
Type of Data Exposed:
- DBS: The potentially compromised information included first and last names, postal addresses, and details relating to equities held under DBS Vickers and Cashline loans.
- Bank of China (Singapore): The data exposed included customer names, addresses, and in some cases, loan account numbers.
Cause of the Breach:
The root cause was a ransomware attack on Toppan Next Tech’s (TNT) systems. The attackers gained unauthorized access to TNT’s network and extracted data. The banks’ own systems were not directly compromised in this incident, highlighting the risks associated with third-party vendors in the supply chain.
MTN Group
MTN Group, a major telecommunications provider in Africa and Asia, disclosed a cybersecurity incident in late April 2025 that resulted in unauthorized access to the personal information of some of its customers across certain markets.
Scale of the Breach: The exact number of affected customers and the specific markets involved are still under investigation and haven’t been fully disclosed by MTN. However, MTN Ghana has confirmed that approximately 5,700 of their customers may have been impacted.
Type of Data Exposed: MTN has indicated that the information accessed was personal information of some customers. While the specifics are still being determined, reports suggest it includes names, surnames, and mobile numbers.
Cause of the Breach: MTN has only stated that an “unknown third party” gained “unauthorized access to data linked to parts of our systems.” The company has not yet provided details on the specific vulnerability exploited or the methods used by the attackers.
Official Notification: https://www.mtn.com/mtn-cybersecurity-incident-but-critical-infrastructure-secure/
NASCAR
NASCAR, the National Association for Stock Car Auto Racing, reportedly experienced a significant cybersecurity incident in early April 2025. The Medusa ransomware group claimed responsibility for the attack, alleging they exfiltrated over one terabyte of data from NASCAR’s systems.
Scale of the Breach: The Medusa ransomware group claims to have stolen over 1 terabyte of data. The exact number of individuals affected is unclear, but the nature of the data suggests potential exposure of employee, partner, and operational information.
Type of Data Exposed: The exposed information may include:
- Personally Identifiable Information (PII) of NASCAR employees: Names, email addresses, and job titles.
- Credential-related details: Potentially access credentials for certain systems.
- Detailed raceway ground maps: Internal layouts and potentially security information of race tracks.
- Internal business documents: Including international business documents, invoices, and financial reports.
- Contact details of third-party services: Information about NASCAR’s partners and vendors.
Cause of the Breach: The breach is attributed to a ransomware attack by the Medusa group.