March 14, 2025

Data Breach Report: February 2025 Edition

PKWARE

The February 2025 edition of our Data Breach Report highlights some of the most significant cybersecurity incidents affecting organizations across various industries. From massive data leaks exposing billions of records to targeted ransomware attacks compromising highly sensitive information, this month’s breaches reveal critical vulnerabilities in cybersecurity defenses. Companies spanning IoT technology, healthcare, telecommunications, financial services, and government contractors have all suffered major security lapses, putting millions of individuals at risk of identity theft, financial fraud, and privacy violations. In this report, we break down the key details of each breach, including the scale of the exposure, the types of data compromised, and the underlying causes that led to these incidents.

Mars Hydro

The Mars Hydro data breach in February 2025 is a significant event highlighting the vulnerabilities within the Internet of Things (IoT) landscape.

Scale of the Breach: 2.7 billion records were exposed in this data breach.

Type of Data Exposed: The types of data exposed included very sensitive information such as Wi-Fi passwords, IP addresses, and email addresses, which create severe security risks.

Cause of the Breach: The cause of the breach was a misconfigured, non-password-protected database, revealing a critical failure in basic security measures.

Genea Fertility Clinic

The Genea Fertility Clinic data breach in February 2025 resulted from a sophisticated cyberattack by the “Termite” ransomware gang. This incident compromised highly sensitive patient data, including personally identifiable information and detailed medical records.

Scale of the Breach: Approximately 940.7 GB of data was exfiltrated, a significant volume of compromised patient information.

Type of Data Exposed: The breach exposed highly sensitive data, including personally identifiable information like names and addresses, and critical medical details such as Medicare numbers, medical histories, and treatment records, placing patients at considerable risk.

Cause of the Breach: The initial cause of the breach was the exploitation of a vulnerability within a Citrix server, which allowed the attackers to gain unauthorized access to Genea’s network and patient management systems.

Genea Cyber Incident – Update and Support Resources: https://www.genea.com.au/pages/important-update-about-a-cyber-incident-MCI2XUN2KJWRFXNMZI2ZZ3QVD2JA

Orange Group

The Orange Group data breach in February 2025 stemmed from a cyberattack executed by the hacker “Rey,” associated with the HellCat ransomware group. This incident primarily affected Orange Romania, resulting in the exposure of over 600,000 records. Exploiting vulnerabilities in Orange’s systems, the attacker gained unauthorized access and exfiltrated sensitive data, including customer and employee information, email addresses, and partial payment card details.

Scale of the Breach: Over 600,000 records were exposed, and approximately 6.5 GB of data was exfiltrated, a significant compromise of Orange Group’s information.

Type of Data Exposed: The types of data exposed included sensitive information such as 380,000+ unique email addresses, source code, invoices, contracts, customer and employee records, and partial payment card details of Romanian customers, presenting various risks to those involved.

Cause of the Breach: The cause of the breach involved the exploitation of compromised credentials and vulnerabilities within Orange’s Jira software and internal portals, allowing the attacker unauthorized access to their systems.

DISA Global

The DISA Global Solutions data breach was discovered in April 2024, but notification letters were sent to affected individuals only around February 2025, a significant delay. This incident compromised the sensitive personal information of over 3.3 million people, including Social Security numbers, financial account details, government-issued IDs, and full names.

Scale of the Breach: Over 3.3 million individuals’ personal information was compromised, indicating a large-scale exposure of sensitive data.

Type of Data Exposed: The types of data exposed included highly sensitive information such as Social Security numbers, financial account details, government-issued identification documents, and full names.

Cause of the Breach: The cause of the breach was a cyberattack that infiltrated DISA’s systems, with unauthorized access occurring over a prolonged period, highlighting vulnerabilities in their cybersecurity defenses.

DISA Global Solutions Data Breach Notice: https://ago.vermont.gov/sites/ago/files/documents/2025-02-24%20DISA%20Global%20Solutions%20Data%20Breach%20Notice%20to%20Consumers.pdf

Finastra

The Finastra data breach, detected in November 2024 with unauthorized access dating back to October 31st, involved a compromise of a Secure File Transfer Platform (SFTP) used for technical support. This resulted in the exposure of personal information, including names and financial account details, of individuals whose data was contained within the accessed files. Finastra, a global financial technology company, conducted an investigation with cybersecurity experts, notified law enforcement, and began notifying affected individuals in February 2025.

Scale of the Breach: The breach involved unauthorized access to a Secure File Transfer Platform (SFTP), indicating a compromise of files containing customer data, with the specific number of affected individuals still being assessed.

Type of Data Exposed: The types of data exposed included personal information such as names and financial account information, which poses risks related to financial fraud and identity theft.

Cause of the Breach: The cause of the breach was unauthorized access to Finastra’s Secure File Transfer Platform (SFTP) used for technical support, highlighting vulnerabilities in their third-party vendor security.

Notice of Data Breach: https://www.mass.gov/doc/2025-249-finastra-technology-inc/download

Hospital Sisters Health System

The Hospital Sisters Health System (HSHS) data breach, stemming from a cyberattack in August 2023, resulted in the compromise of over 882,000 individuals’ personal and health information. Although the attack occurred in 2023, the full scope of individuals affected was disclosed in February 2025.

Scale of the Breach: Over 882,000 individuals’ personal and health information was compromised, representing a significant exposure of sensitive patient data.

Type of Data Exposed: The types of data exposed included highly sensitive information such as names, Social Security numbers, medical records, health insurance details, and treatment information.

Cause of the Breach: The cause of the breach was a cyberattack that resulted in unauthorized access to HSHS’s network, indicating vulnerabilities in their cybersecurity defenses that allowed malicious actors to infiltrate their systems.

Data Breach Notification: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/2bf19926-e137-4a41-9773-5429f08343ec.html

PowerSchool

The PowerSchool data breach in February 2025 compromised the sensitive information of approximately 62 million students, making it a major cybersecurity incident within the education sector. The breach exposed a wide range of highly sensitive data, including grades, medical histories, Social Security numbers, and restraining order details, raising significant concerns about student privacy and security.

Scale of the Breach: Approximately 62 million student records were compromised, indicating a massive breach affecting a significant portion of the student population.

Type of Data Exposed: The types of data exposed included highly sensitive information such as grades, medical histories, Social Security numbers, and restraining order details.

Cause of the Breach: The cause of the breach was a cyberattack that exploited vulnerabilities in PowerSchool’s systems.

GrubHub

The GrubHub data breach in February 2025 compromised the personal and financial information of customers, merchants, and drivers due to a sophisticated cyberattack. The breach exposed customer names, addresses, order histories, merchant financial details, driver information, and partial credit card data, raising concerns about identity theft and financial fraud.

Scale of the Breach: The breach affected a significant number of customers, merchants, and drivers, though the precise number is still being investigated, indicating a widespread compromise of GrubHub’s user base.

Type of Data Exposed: The types of data exposed included customer names, addresses, order histories, merchant financial information, driver personal information, and partial credit card data.

Cause of the Breach: The cause of the breach was a sophisticated cyberattack that exploited vulnerabilities in GrubHub’s systems.

Stop data breaches before they start by ensuring your organization not only knows where all its sensitive data is stored but can also protect it wherever it lives and moves.
