Latest Data Breaches 2025

PKWARE

published: September 2, 2025

Stay informed with our monthly roundup of the recent data breach stories across key industries, highlighting not only the scale of each breach, but also the types of data exposed, and the underlying causes behind these events, from sophisticated cyberattacks to accidental disclosures.

Data Breaches From August 2025

August 2025 brought a wave of major data breaches that showed once again how even the biggest companies and financial institutions aren't immune to cyber threats. Google, Allianz Life, Air France–KLM, and TransUnion were among the organizations hit, with many of the attacks traced back to the ShinyHunters hacking group. Instead of breaking into core systems, the attackers took advantage of third-party platforms like Salesforce and Drift, using social engineering to slip past defenses.

Google

Google is a multinational technology company that focuses on online advertising, search engine technology, cloud computing, software, and consumer electronics. In August 2025, a data breach was confirmed that stemmed from a compromised Salesforce-hosted corporate database. Although the breach did not directly affect consumer accounts, the exposed business data has been used by hackers in subsequent social engineering and phishing attacks targeting Google's large user base.

Scale of the Breach: The breach exposed the data of a limited number of Google's business customers. While Google stated that no consumer passwords or financial data were compromised, the company issued a warning to its 2.5 billion Gmail users due to the potential for targeted follow-up attacks.

Type of Data Exposed: The breach involved "basic and largely publicly available business information" from a Salesforce database used for managing potential advertisers. This included business customer names and contact details, which are being used to craft highly convincing phishing emails and vishing (voice phishing) scams.

Cause of the Breach: The hacking group, ShinyHunters, gained access to the database through social engineering. The attackers impersonated IT support staff and tricked a Google employee into approving a malicious application linked to the Salesforce platform, which allowed them to exfiltrate the data.

Breach Notification: https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift

Air France and KLM

Air France and KLM, part of the Air France–KLM Group, are major European airlines that serve a vast global network. On August 7, 2025, the airlines disclosed a data breach that originated from a third-party customer support platform they use. The attack, which is part of a broader campaign by the hacking group ShinyHunters, did not compromise the airlines' internal systems, but it did expose sensitive customer information that can be used for targeted phishing and social engineering attacks.

Scale of the Breach: The exact number of affected customers has not been officially disclosed by the airlines, but reports indicate it could impact hundreds of thousands of travelers who had previously interacted with the customer service platform.

Type of Data Exposed: The breached data includes passenger names, email addresses, phone numbers, and Flying Blue loyalty program numbers. No sensitive information such as passwords, passport details, or credit card numbers was compromised.

Cause of the Breach: The breach was the result of unauthorized access to a third-party customer service platform. This incident is tied to a wider campaign of attacks by the ShinyHunters group, which uses social engineering and voice phishing (vishing) to trick employees of client companies into providing access to their Salesforce-hosted data.

Breach Notification: https://nieuws.klm.com/klm-informeert-klanten-over-incident-met-persoonsgegevens/

TransUnion

TransUnion is a global consumer credit reporting agency, and one of the "Big Three" credit bureaus in the United States. In late August 2025, the company disclosed a data breach that began the previous month, affecting its U.S. consumer support operations. The incident, which TransUnion claims was quickly contained, did not compromise its core credit database or credit reports, but it exposed sensitive personal data. The breach is reportedly part of a wider campaign of attacks targeting companies that use Salesforce, a third-party cloud-based service, by a well-known hacking group.

Scale of the Breach: The breach impacted over 4.4 million U.S. individuals, and while the company states this is a "very small percentage" of its overall customer base, it is still a significant number of records.

Type of Data Exposed: The breached data included highly sensitive personal identifiers such as names, billing addresses, phone numbers, email addresses, dates of birth, and unredacted Social Security numbers. The hackers also claimed to have stolen customer support tickets and messages.

Cause of the Breach: The incident was a result of unauthorized access to a third-party application used for TransUnion's U.S. consumer support operations. The attack is linked to a larger, ongoing campaign by the hacking group ShinyHunters, which uses social engineering tactics to exploit weaknesses in Salesforce integrations to steal data from a wide range of companies.

Data Breach Notification: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/3dcd9b7c-bce3-4685-bffd-f728ce96e2fd.html

Workday

Workday is an American on-demand, cloud-based software vendor specializing in financial management and human capital management systems. In mid-August 2025, Workday confirmed it was affected by a social engineering campaign targeting a third-party customer relationship management (CRM) platform, widely reported to be Salesforce. The company stated that the breach did not affect its core customer environments or the sensitive data they hold, but it did expose business contact information. The incident is part of a larger series of coordinated attacks on numerous organizations that leverage Salesforce, with the hacking group ShinyHunters being linked to the campaign.

Scale of the Breach: Workday did not disclose the number of people impacted. However, given that Workday serves over 11,000 organizations, including a large percentage of Fortune 500 companies, a legal group reported that the breach could potentially affect tens of millions of employees, students, and healthcare professionals.

Type of Data Exposed: The compromised data included "commonly available business contact information," such as names, email addresses, and phone numbers. The hackers can use this information to launch more sophisticated social engineering and phishing campaigns against the affected individuals.

Cause of the Breach: The breach was a result of a social engineering attack where hackers impersonated IT or HR staff through phone calls and text messages to trick Workday employees into giving them access to the third-party CRM platform. This method, known as "vishing" (voice phishing), allowed the attackers to exfiltrate the data without directly breaching Workday's core systems.

Breach Notification: https://blog.workday.com/en-us/protecting-you-from-social-engineering-campaigns-update-from-workday.html

Connex Credit Union

Connex Credit Union is a member-owned financial institution and one of the largest credit unions in Connecticut. In August 2025, Connex publicly disclosed a data breach that had occurred in early June. The incident exposed the personal and financial information of a significant number of its members, leading to a scramble by the credit union to provide fraud alerts and identity theft monitoring. The breach has also prompted multiple law firms to launch class action lawsuits against the credit union.

Scale of the Breach: The breach affected approximately 172,000 members of the credit union, a considerable number for a regional financial institution.

Type of Data Exposed: The compromised data was highly sensitive, including member names, account numbers, debit card information, Social Security numbers, and other government IDs. This type of information puts affected individuals at a high risk of identity theft and financial fraud.

Cause of the Breach: While the specific technical vector was not explicitly detailed by the company, the incident is linked to a wider social engineering and voice phishing campaign by the hacking group ShinyHunters. This group tricked employees of various companies into providing access to sensitive data on third-party platforms.

Data Breach Notification: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/ba496af0-2688-4929-ad01-f07a4d8972cf.html

Manpower

Manpower is a leading global staffing and workforce solutions company. In August 2025, the company confirmed a data breach at an independently owned franchise in Lansing, Michigan, which occurred in late 2024. The incident, attributed to the RansomHub ransomware group, exposed a significant amount of sensitive data. Manpower clarified that the attack was isolated to the franchise's network and did not affect ManpowerGroup's wider corporate systems, and the company has offered complimentary credit monitoring to those affected.

Scale of the Breach: The breach affected approximately 144,189 individuals, primarily employees and job candidates who had worked with the Lansing franchise.

Type of Data Exposed: The data stolen included a wide range of sensitive information, such as names, Social Security numbers, driver's licenses, passport scans, addresses, and phone numbers. Additionally, the hackers claimed to have exfiltrated 500GB of corporate data, including financial statements and confidential contracts.

Cause of the Breach: The breach was a result of a ransomware attack by the RansomHub ransomware group. The hackers gained unauthorized access to the network of the Lansing franchise and exfiltrated data before encrypting the company's systems.

Data Breach Notification: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/7f78311b-64ff-4436-82b7-187ed0d23685.html

Orange SA

Orange SA, formerly France Télécom, is a French multinational telecommunications corporation and a major global player in mobile, fixed-line, internet, and IPTV services. In early August 2025, the company was targeted by a ransomware attack by the Warlock ransomware group, resulting in the theft and publication of sensitive business data on the dark web. Orange confirmed the data release, stating the threat actor had only limited access to its systems and the stolen information was outdated or of low sensitivity.

Scale of the Breach: The hackers exfiltrated and published approximately 4GB of corporate files. The company did not specify the number of individuals or businesses impacted.

Type of Data Exposed: The compromised data consisted of "sensitive business user data." While Orange claims the information was "outdated or low-sensitivity," the nature of the files, which included internal documents and business information, could still be used for further attacks.

Cause of the Breach: The breach was a result of a ransomware attack carried out by the Warlock ransomware group. This group, which operates using a ransomware-as-a-service (RaaS) model, gained unauthorized access to Orange's systems and stole data before encrypting some of the company's files.

Data Breach Notification: https://newsroom.orange.com/the-orange-group-announces-that-it-filed-a-complaint-on-monday-28-july-concerning-a-security-incident-on-one-of-its-information-systems/

Salesloft Drift

In August 2025, Salesloft was at the center of a major supply-chain attack when its Drift application was compromised, leading to unauthorized access to the Salesforce environments of hundreds of its customers. This breach exposed sensitive customer data and credentials, prompting Salesforce and Google to temporarily disable their integrations with Drift.

Scale of the Breach: The breach impacted a wide array of Salesloft's customers, with security researchers estimating that over 700 organizations were affected. While Zscaler was a prominent victim, other companies like Google and Allianz Life were also impacted due to their use of the platform's integrations.

Type of Data Exposed: The attackers' primary goal was credential theft, and they exfiltrated "large volumes of data" from numerous corporate Salesforce instances. The compromised data included OAuth tokens, AWS access keys, passwords, Snowflake-related access tokens, and sensitive information from Salesforce objects such as Accounts, Cases, and Users.

Cause of the Breach: The breach was a result of a supply-chain attack where a threat actor, identified as UNC6395, compromised OAuth tokens associated with the Salesloft Drift application. These stolen tokens acted as "digital keys," allowing the attackers to bypass standard authentication and gain access to the Salesforce environments of hundreds of Salesloft customers.

Breach Notification: https://status.salesforce.com/generalmessages/20000217?ref=news.dxable.com
https://www.zscaler.com/blogs/company-news/salesloft-drift-supply-chain-incident-key-details-and-zscaler-s-response

Data Breaches From July 2025

July 2025 was another sobering reminder of just how vulnerable even the biggest brands, governments, and service providers remain in the face of cyber threats. From global airlines and fast-food giants to luxury fashion houses and city governments, organizations across industries found themselves grappling with breaches that exposed millions of records, disrupted critical operations, and shook customer trust. What stands out this month is not only the scale of these incidents, but also the common threads—social engineering, supply chain weaknesses, and basic security oversights—that continue to enable attackers. Let's take a closer look at the most significant breaches from July and what they reveal about today's evolving cyber risk landscape.

Qantas

In July 2025, Qantas, Australia's flag carrier and largest airline, disclosed a significant data breach. The incident did not affect Qantas's internal systems or flight operations but instead originated from a cyberattack on a third-party customer service platform used by one of its call centers. This supply chain attack exposed a vast number of customer records, once again underscoring the vulnerabilities that can exist within an organization's extended network of vendors and partners. The breach has been attributed to the sophisticated cybercriminal group "Scattered Spider."

Scale of the Breach: The breach affected the personal information of up to 6 million Qantas customers, with Qantas later confirming a precise figure of 5.7 million unique customer records.

Type of Data Exposed: The compromised data varied by customer but primarily included names, email addresses, phone numbers, dates of birth, addresses, and Qantas Frequent Flyer details. Importantly, the airline stated that no credit card details, financial data, or passport information were stored on the breached platform and were therefore not compromised.

Cause of the Breach: The attack was a result of social engineering, where threat actors impersonated employees to gain unauthorized access to the third-party customer service platform.

Breach Notification: https://www.qantas.com/au/en/support/information-for-customers-on-cyber-incident.html

McDonald's

In July 2025, a significant data breach occurred at McDonald's, affecting millions of job applicants. The incident centered on the company's AI-powered hiring platform, McHire, which is used by many of its franchisees. The breach was not caused by a sophisticated cyberattack but rather by a failure to secure the system's administrative backend. This security oversight led to the exposure of sensitive personal information, highlighting the risks of using third-party AI platforms without proper security protocols.

Scale of the Breach: The breach potentially exposed the personal data of approximately 64 million job applicants globally.

Type of Data Exposed: The leaked data included applicants' full names, email addresses, and phone numbers.

Cause of the Breach: The breach was caused by a weak password ("123456") used for an admin account on the platform, which had not been updated for years, along with an Insecure Direct Object Reference (IDOR) vulnerability that allowed access to other user records.

Breach Notice: https://www.paradox.ai/blog/responsible-security-update

Co-op UK

A major cyberattack on the Co-op, one of the UK's largest consumer cooperatives with millions of members, was confirmed to be more severe than initially reported in April 2025. While the company's proactive response of shutting down its IT systems prevented the deployment of ransomware, it did not stop the attackers from exfiltrating a significant amount of member data. The breach, which caused operational disruptions including empty shelves in some stores, was part of a larger campaign targeting multiple UK retailers and has been attributed to the notorious cybercriminal group, Scattered Spider.

Scale of the Breach: The data of all 6.5 million members of the Co-op's loyalty program was compromised in the incident.

Type of Data Exposed: The stolen data included names, addresses, and other contact information, although the company has stated that no financial details, passwords, or transaction history were accessed.

Cause of the Breach: The attack was a social engineering assault where hackers gained initial access by tricking an employee and resetting their password. From there, they were able to move laterally and exfiltrate the member database.

Breach Notification: https://www.coop.co.uk/cyber-incident

Allianz Life Insurance Company

In July 2025, Allianz Life Insurance Company of North America, a major provider of retirement and financial solutions and a subsidiary of the global financial services giant Allianz SE, confirmed a substantial data breach. The incident did not involve a direct attack on the company's internal systems, but rather on a third-party, cloud-based Customer Relationship Management (CRM) system used by the company. The breach was a prime example of a supply chain attack, where a weakness in a vendor's security led to the exposure of a vast amount of sensitive customer information, highlighting the critical importance of vetting third-party partners.

Scale of the Breach: The breach affected the personal information of the "majority" of Allianz Life's approximately 1.4 million U.S. customers.

Type of Data Exposed: The compromised data included a wide range of personally identifiable information (PII), such as full names, Social Security numbers (SSNs), dates of birth, mailing and email addresses, phone numbers, and policy/contract numbers.

Cause of the Breach: The attackers gained access through a social engineering attack, where they reportedly impersonated IT helpdesk staff to trick an employee into providing access to the third-party system, which was then used to exfiltrate the data.

Notification: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/0446bff3-a013-43ed-82fa-bca6bb157de1.html
Relevant links: https://haveibeenpwned.com/Breach/AllianzLife

Ingram Micro

Ingram Micro, a leading global distributor of information technology products and services, suffered a significant ransomware attack in July 2025 that disrupted its worldwide operations. The incident, attributed to the SafePay ransomware group, forced the company to take its systems offline and impacted the entire IT supply chain, causing delays for partners and customers. The company worked with third-party experts to contain and remediate the attack, but the incident highlighted the critical vulnerabilities that exist in large, interconnected business ecosystems.

Scale of the Breach: The company's global operations were disrupted for several days, with a significant financial impact estimated at over $136 million per day.

Type of Data Exposed: The SafePay group claimed to have exfiltrated 3.5 TB of corporate data. While Ingram Micro has not confirmed the full scope, reports suggest the stolen data included email addresses, phone numbers, and Social Security numbers, among other sensitive information.

Cause of the Breach: The attackers reportedly gained initial access to the company's network by exploiting an unpatched or misconfigured GlobalProtect VPN, likely using stolen or brute-forced credentials.

Data Breach Notification: https://www.ingrammicro.com/en-us/information

Louis Vuitton

The luxury fashion brand Louis Vuitton, a cornerstone of the LVMH group, confirmed that a single, coordinated cyberattack compromised customer data across multiple regions, including the UK, South Korea, Turkey, Italy, and Sweden. This incident, part of a series of attacks on major retailers, was a sophisticated campaign targeting third-party vendors and highlights the ongoing security risks in the supply chain for high-profile companies. The attack has been widely attributed to the notorious cybercrime group, ShinyHunters, known for targeting high-value data from prominent organizations.

Scale of the Breach: The exact number of affected customers globally is still under investigation, but it is known that the breach impacted a significant portion of Louis Vuitton's customer base, with official figures reporting 419,000 affected individuals in Hong Kong and nearly 143,000 in Turkey alone.

Type of Data Exposed: The compromised data included personally identifiable information such as names, email addresses, phone numbers, residential addresses, and purchase history. Crucially, Louis Vuitton has confirmed that no payment information, credit card details, or passwords were leaked.

Cause of the Breach: The attack was a supply chain attack that exploited a vulnerability in a third-party Customer Relationship Management (CRM) system. Attackers reportedly used social engineering to trick an employee into granting them access to the system, which allowed them to exfiltrate the data.

Anne Arundel Dermatology

In July 2025, Anne Arundel Dermatology, a leading dermatology practice with over 60 locations in the Mid-Atlantic and Southeastern United States, announced that it was the victim of a hacking incident that exposed the sensitive data of a large number of its patients. The breach, which was reported to the U.S. Department of Health and Human Services, is one of the largest healthcare data breaches of the year. The extended period of unauthorized access allowed attackers to potentially exfiltrate a vast amount of protected health information (PHI) and personally identifiable information (PII).

Scale of the Breach: The hacking incident compromised the data of approximately 1.9 million patients.

Type of Data Exposed: The breached data included a wide range of sensitive information, such as names, addresses, dates of birth, medical records, health history, and insurance information.

Cause of the Breach: The cause of the breach was a network intrusion that began in February 2025 and remained undetected for several months. While the specific method of attack has not been publicly detailed, it is believed to be a hacking incident that exploited vulnerabilities in the company's systems.

Breach Notification: https://oag.ca.gov/system/files/AAD_IDX%20Notification%20Letter%20-%20Final.pdf

City of St. Paul, Minnesota

The City of St. Paul, Minnesota, became the victim of a sophisticated ransomware attack that crippled many of its digital services and internal systems. The incident was not a simple system glitch but a deliberate attack by a sophisticated external actor. The city's proactive response involved shutting down its entire network to contain the threat and prevent further damage. The attack led to a citywide state of emergency and the deployment of the Minnesota National Guard's cyber protection unit, an unprecedented move for an internal cybersecurity incident. The city's refusal to pay the ransom led the attackers to leak a significant amount of stolen data publicly.

Scale of the Breach: The attackers, identified as the "Interlock" ransomware group, exfiltrated 43 gigabytes of data from the city's servers.

Type of Data Exposed: The leaked data included various internal documents, such as HR files, financial records, and sensitive personal identification documents like driver's licenses and passport scans. However, officials stated that most resident data, which is stored in cloud-based applications, was not affected.

Cause of the Breach: The cause of the attack was identified as a ransomware attack by the Interlock group. The group reportedly gained access to the city's systems around July 20, 2025, through a backdoor that allowed the deployment of a remote access trojan, which likely led to the exfiltration and encryption of data.

Breach Notification: https://www.stpaul.gov/news/important-information-city-services-during-digital-security-incident-1

Data Breaches From June 2025

June 2025 has been another tough month on the cybersecurity front, with millions of people learning that their personal information may have been exposed in major data breaches. Patients, customers, and employees alike are finding themselves caught in the fallout of ransomware attacks and data theft that hit healthcare systems, tech platforms, and even global retailers. From McLaren Health Care and Kettering Health to Zoomcar and Ahold Delhaize, the impact has been widespread, touching everyday lives in ways that go far beyond technology. These stories remind us that behind every breach are real people whose trust and privacy are on the line.

McLaren Health Care

McLaren Health Care, a nonprofit health system based in Michigan, has experienced two major cyberattacks within two years. In a recent incident, McLaren confirmed that a ransomware attack last summer led to the compromise of sensitive data belonging to over 743,000 patients. The attack, which targeted both McLaren's core operations and its Karmanos Cancer Institute, highlights the growing vulnerability of healthcare providers to cybercriminals. While McLaren was able to restore its IT systems relatively quickly, the extensive forensic investigation delayed the notification of affected individuals, with letters being sent out nearly a year after the breach was detected.

Scale of the Breach: The data breach impacted 743,131 individuals. The organization began notifying affected individuals in June 2025, with the investigation into compromised files having concluded the month prior.

Type of Data Exposed: A wide range of sensitive personal and medical information was exposed, including names and Social Security numbers; driver's license numbers; health insurance information; and medical information, such as billing and claims information, diagnosis, and medical record numbers.

Cause of the Breach: The incident was a ransomware attack by an international group of cybercriminals, with some sources linking the attack to the "Inc. Ransomware" group. The attackers gained unauthorized access to the network over a period of several weeks, from July 17 to August 3, 2024.

Notification: https://www.mclaren.org/main/notice-of-data-security-incident

Episource LLC

Episource LLC is a healthcare services company that provides medical coding and risk adjustment services to health plans and providers. In a recent cybersecurity incident, the company discovered a data breach that exposed sensitive patient information. Episource serves as a third-party vendor, meaning that many of the affected individuals may not have been direct customers, but rather patients of healthcare organizations that partner with Episource.

Scale of the Breach: The breach impacted over 5.4 million individuals. The number was officially reported to the U.S. Department of Health and Human Services Office for Civil Rights.

Type of Data Exposed: The stolen information included a wide variety of personal and protected health information (PHI), such as contact information (name, address, phone number, email); health insurance information (policy numbers, member/group IDs, and Medicare/Medicaid identifiers); medical information (diagnoses, medications, test results, and medical record numbers); and other personal data like dates of birth and, in some cases, Social Security numbers.

Cause of the Breach: The incident was a cyberattack in which an unauthorized party gained access to and copied data from Episource's systems between January 27 and February 6, 2025. While some reports from affected partners referred to it as a ransomware attack, the company's public notice did not explicitly confirm ransomware as the cause, but did state a cybercriminal was able to view and exfiltrate data.

Breach Notification: https://response.idx.us/episource/
https://www.pshpgeorgia.com/newsroom/notice-of-data-breach.html
https://www.vnshealthplans.org/notice-of-episource-llc-data-incident/

Zoomcar

Zoomcar, an Indian car-sharing marketplace, has recently experienced a significant data breach. The company, which connects hosts with guests for car rentals, was hit by a cybersecurity incident that compromised the personal information of millions of its users. This is not the first time Zoomcar has been impacted, with a prior breach in 2018 affecting a smaller number of users. The recent incident has raised renewed concerns about data security in the mobility sector, especially for platforms that handle vast amounts of user data.

Scale of the Breach: The cybersecurity incident affected approximately 8.4 million users, a number reported by Zoomcar to the U.S. Securities and Exchange Commission (SEC).

Type of Data Exposed: The stolen data included a wide range of personal information, such as full names, phone numbers, car registration numbers, personal addresses, and email addresses. Zoomcar stated there was no evidence of financial information or plaintext passwords being compromised.

Cause of the Breach: The breach was the result of a cyberattack in which an unauthorized third party gained access to Zoomcar's internal systems. The company became aware of the incident after employees received external communications from the threat actor, who claimed to have accessed the company's data.

FORM 8-K: https://www.sec.gov/Archives/edgar/data/1854275/000121390025054319/ea0245724-8k_zoomcar.htm

Kettering Health

Kettering Health, a nonprofit health system with numerous facilities across Ohio, suffered a significant cyberattack that disrupted its operations and compromised patient data. The incident led to a system-wide technology outage, forcing the health system to cancel elective procedures and resort to using paper records. The breach was a result of a ransomware attack by a cybercriminal group that not only encrypted systems but also exfiltrated a large volume of sensitive data, which it later began leaking on the dark web. The incident highlights the critical vulnerabilities of healthcare providers to sophisticated cyber threats.

Scale of the Breach: While the exact number of affected individuals is still being determined, the ransomware group claims to have stolen 941 gigabytes of data, consisting of more than 732,000 files across over 20,000 folders.

Type of Data Exposed: The stolen information is extensive and includes a wide range of sensitive patient and employee data. Examples of the compromised data include names, dates of birth, Social Security numbers, medical record numbers, diagnoses, treatment information, and financial account information, along with scans of identity documents like driver's licenses and passports.

Cause of the Breach: The incident was a ransomware attack by the cybercriminal group known as Interlock. The attackers gained unauthorized access to Kettering Health's network and spent several weeks inside before launching the attack, which involved both data exfiltration and the encryption of files.

Breach Notification: https://ketteringhealth.org/notice-of-privacy-incident/

Ahold Delhaize

Ahold Delhaize, a global food retail conglomerate with well-known U.S. brands like Food Lion, Stop & Shop, and Giant Food, experienced a significant cyberattack that compromised the data of millions. The incident, which occurred in November 2024, not only disrupted some of its business operations, including e-commerce and pharmacy services, but also led to the exfiltration of a large volume of sensitive data. The company has since been working with cybersecurity experts and law enforcement to investigate the breach and notify affected individuals of the potential exposure.

Scale of the Breach: The data breach impacted over 2.2 million individuals. This includes current and former employees, their dependents, and others whose information was in the company's internal U.S. business systems.

Type of Data Exposed: A wide array of sensitive personal, financial, and health information was stolen, including names, dates of birth, government-issued identification numbers (Social Security, passport, and driver's license), bank account information, and medical details found within employment records.

Cause of the Breach: The incident was a ransomware attack perpetrated by the INC Ransom group. The attackers gained unauthorized access to the company's U.S. network and exfiltrated a massive amount of data, threatening to leak it on the dark web after Ahold Delhaize refused to pay the ransom.

Notice: https://www.aflac.com/docs/aflac-cyber-incident-6-24-2025.pdf

Data Breaches From May 2025

May 2025 was another alarming month for cybersecurity, with a surge in high-impact data breaches affecting major organizations across industries—from finance and retail to healthcare and technology. This month's breaches underscored recurring vulnerabilities tied to third-party vendors, insider threats, and outdated software systems. Notably, Coinbase faced a major extortion attempt linked to overseas support contractors, while Marks & Spencer suffered severe disruptions from a ransomware attack believed to be connected to IT outsourcing. Healthcare giant Ascension, global beverage leader Coca-Cola, sportswear brand Adidas, and data broker LexisNexis were also among the high-profile victims. Each incident highlights the growing complexity and scale of modern data breaches—and the urgent need for resilient, vendor-aware security strategies.

Coinbase

Coinbase, a leading cryptocurrency exchange platform founded in 2012, serves millions of users globally by facilitating the buying, selling, and storing of digital assets like Bitcoin and Ethereum. In May 2025, Coinbase disclosed a significant data breach caused by insider threats from overseas customer support contractors, discovered after a $20 million extortion demand on May 11, 2025. The breach exposed sensitive user information, though no funds or cryptographic keys were compromised. The incident has raised concerns about third-party contractor security, with potential costs estimated at $400 million.

Scale of the Breach: 69,461 users were affected.
Type of Data Exposed: Names, contact details, partial Social Security numbers, masked banking data, and ID images were compromised.
Cause of the Breach: Insider threat from overseas customer support contractors leaking data, starting December 26, 2024.

Official Notification: https://www.coinbase.com/blog/protecting-our-customers-standing-up-to-extortionists

Marks & Spencer

Marks & Spencer (M&S), a historic British retailer founded in 1884, is renowned for its clothing, food, and home products, operating over 1,400 stores globally. In May 2025, M&S suffered a major cyberattack attributed to the "Scattered Spider" group, deploying DragonForce ransomware to encrypt virtual machines and steal customer data, severely disrupting online retail systems. The breach, potentially linked to vulnerabilities in M&S's IT outsourcing partner, Tata Consultancy Services, is expected to cause a £300 million ($400 million) profit loss, with recovery projected to extend into July 2025.

Scale of the Breach: Hundreds of thousands of customers were likely affected, though exact numbers remain unconfirmed.
Type of Data Exposed: Customer data was stolen, but no payment details or login credentials were confirmed compromised.
Cause of the Breach: A ransomware attack by the "Scattered Spider" group using DragonForce malware targeted virtual machines, possibly exploiting vulnerabilities in third-party IT systems.

Notification: https://corporate.marksandspencer.com/cyber-update

Ascension

Ascension, one of the largest nonprofit healthcare systems in the United States, operates over 140 hospitals and 40 senior care facilities across 19 states, focusing on patient-centered care. In May 2025, Ascension disclosed a significant data breach involving third-party vendors, exposing sensitive patient information ideal for medical identity theft. The breach, primarily linked to a former business partner's outdated software and a compromised cloud system, highlighted vulnerabilities in vendor security practices, impacting hundreds of thousands of individuals.

Scale of the Breach: 437,019 patients were affected by the breach.
Type of Data Exposed: Protected health information (PHI) was compromised, including data suitable for medical identity theft and fraud.
Cause of the Breach: The breach resulted from a former business partner using outdated software and vulnerabilities in a third-party vendor's cloud system.

Notification: https://www.mass.gov/doc/2025-738-ascension-health/download

Coca-Cola

The Coca-Cola Company, a global beverage giant founded in 1886, is renowned for its iconic soft drinks and operates in over 200 countries with a vast network of bottlers and distributors. In May 2025, the Everest ransomware group claimed responsibility for a data breach targeting Coca-Cola's Middle East operations, specifically its Dubai-based bottling partner, Coca-Cola Al Ahlia Beverages Company. After the company ignored ransom demands, hackers leaked 1,104 files containing sensitive employee data on dark web forums. The breach, reported on May 22, 2025, exposed personal and HR-related information, raising risks of identity theft and regulatory scrutiny.

Scale of the Breach: Personal data of 959 employees was exposed, primarily from Middle East operations.
Type of Data Exposed: Leaked data included full names, addresses, phone numbers, emails, banking details, salary records, passports, visas, and internal HR documents like administrative account structures.
Cause of the Breach: The Everest ransomware group infiltrated systems, likely through compromised credentials or third-party vulnerabilities, targeting a Middle East distributor.

Adidas

Adidas, a German sportswear giant founded in 1949, is a leading global brand known for its athletic apparel, footwear, and accessories, operating in over 100 countries. In May 2025, Adidas disclosed a data breach where hackers accessed consumer data through a third-party customer service provider, exposing contact information of customers who had interacted with its helpdesk. The breach, reported on May 23, 2025, did not compromise financial data but raised concerns about phishing and identity theft risks. Adidas is notifying affected customers and collaborating with cybersecurity experts to investigate and mitigate the incident.

Scale of the Breach: The exact number of affected customers is undisclosed, but reports suggest 544,395 individuals, including Turkish customers, may have been impacted.
Type of Data Exposed: Compromised data primarily includes names, email addresses, phone numbers, and possibly home addresses and birthdates.
Cause of the Breach: Hackers infiltrated a third-party customer service provider's systems, exploiting vulnerabilities to access consumer data.

Notification: https://www.adidas-group.com/en/data-security-information

LexisNexis

LexisNexis Risk Solutions, a subsidiary of RELX founded in 1970, is a major data broker based in Alpharetta, Georgia, providing analytics and risk management services to industries like finance, insurance, and law enforcement. In May 2025, LexisNexis disclosed a significant data breach involving unauthorized access to its GitHub account, discovered on April 1, 2025, after a tip from an unknown third party. The breach, which occurred on December 25, 2024, exposed sensitive personal information of over 364,000 individuals, raising concerns about data broker security practices. LexisNexis is offering two years of free identity protection and credit monitoring to affected individuals while facing potential class-action lawsuits.

Scale of the Breach: 364,333 individuals were affected by the breach.
Type of Data Exposed: Compromised data included names, phone numbers, email and postal addresses, Social Security numbers, driver's license numbers, and dates of birth.
Cause of the Breach: An unauthorized third party accessed data through a compromised LexisNexis GitHub account on a third-party software development platform.

April 2025

April 2025 marked a concerning month in cybersecurity, with data breaches impacting a wide array of industries—from healthcare and finance to telecommunications and even professional sports. Millions of individuals had their sensitive data compromised as a result of ransomware attacks, third-party vulnerabilities, software misconfigurations, and unauthorized access incidents. High-profile organizations like Yale New Haven Health System, Blue Shield of California, and NASCAR found themselves in the crosshairs, while software providers like Cleo became conduits for broader compromise across their customer bases.

This report outlines the most significant data breaches disclosed in April 2025, highlighting the scale, causes, and data exposed in each incident to shed light on emerging cyber threats and the ongoing challenges of securing personal and organizational information.

Yale New Haven Health System

Yale New Haven Health System (YNHHS) is a large, integrated healthcare delivery system serving patients across Connecticut and parts of Rhode Island. In April 2025, YNHHS disclosed a significant data breach stemming from unauthorized access to their network in March. This incident compromised the personal and medical information of millions of individuals.

Scale of the Breach: Approximately 5.5 million individuals were affected by this cybersecurity incident.

Type of Data Exposed: A range of sensitive data was compromised, including names, dates of birth, addresses, contact information, race/ethnicity, Social Security numbers, and medical record numbers.

Cause of the Breach: Detected on March 8, 2025, this breach was likely a ransomware attack in which unauthorized access led to the exfiltration of data, though this has not been officially confirmed.

Official Notification: https://www.ynhhs.org/news/yale-new-haven-health-notifies-patients-of-data-security-incident

Cleo's file transfer platform

Cleo provides file transfer software, and recently, its platform was affected by a security vulnerability. This vulnerability was exploited by cybercriminals, resulting in data breaches at organizations that utilize Cleo's software for file transfers.

Scale of the Breach: The breach has impacted multiple organizations, with data being exfiltrated from companies like Hertz and WK Kellogg.

Type of Data Exposed: The data exposed varies, but includes sensitive information such as employee records, personal data, and confidential business files.

Cause of the Breach: The breach was caused by the exploitation of vulnerabilities in Cleo's file transfer software, including flaws that allowed unauthorized file uploads/downloads and command execution.

VeriSource Services

VeriSource Services, a Texas-based company providing employee benefits and HR administration services, experienced a significant data breach. The company disclosed that a cyberattack on April 14, 2025, initially detected in February 2024, compromised the personal information of approximately 4 million individuals.

Scale of the Breach: Approximately 4 million individuals were affected.

Type of Data Exposed: Sensitive personal information, including full names, addresses, dates of birth, gender information, and Social Security Numbers.

Cause of the Breach: The exact cause has not been publicly disclosed, but it involved "unauthorized access" to VeriSource's network.

Official Notification: http://www.verisource.com/Incident.html

Blue Shield of California

Blue Shield of California, a major health insurance provider, experienced a data breach affecting approximately 4.7 million members due to a misconfiguration of Google Analytics on some of its websites. This error, which occurred between April 2021 and January 2024, inadvertently shared protected health information with Google's advertising services.

Scale of the Breach: Approximately 4.7 million Blue Shield of California members were affected.

Type of Data Exposed: Protected health information including insurance details, demographic information, service dates, providers, patient names, financial responsibility, and search activity.

Cause of the Breach: A misconfiguration of Google Analytics on certain Blue Shield websites.

Official Notification: https://news.blueshieldca.com/notice-of-data-breach

DBS Group and Bank of China

DBS Group and Bank of China (Singapore branch) both utilize Toppan Next Tech (TNT) for printing services related to customer statements and letters. In early April 2025, TNT reported a ransomware attack on its systems, which led to the extraction of some customer data belonging to both banks.

Scale of the Breach:

  • DBS: Approximately 8,200 customers had their statements or letters potentially compromised. The majority of these related to DBS Vickers (brokerage) accounts and some Cashline (short-term loan) accounts.
  • Bank of China (Singapore): Around 3,000 personal banking customers were affected, whose paper notifications were printed and distributed by TNT.

Type of Data Exposed:

  • DBS: The potentially compromised information included first and last names, postal addresses, and details relating to equities held under DBS Vickers and Cashline loans.
  • Bank of China (Singapore): The data exposed included customer names, addresses, and in some cases, loan account numbers.

Cause of the Breach:

The root cause was a ransomware attack on Toppan Next Tech's (TNT) systems. The attackers gained unauthorized access to TNT's network and extracted data. The banks' own systems were not directly compromised in this incident, highlighting the risks associated with third-party vendors in the supply chain.

MTN Group

MTN Group, a major telecommunications provider in Africa and Asia, disclosed a cybersecurity incident in late April 2025 that resulted in unauthorized access to the personal information of some of its customers across certain markets.

Scale of the Breach: The exact number of affected customers and the specific markets involved are still under investigation and haven't been fully disclosed by MTN. However, MTN Ghana has confirmed that approximately 5,700 of their customers may have been impacted.

Type of Data Exposed: MTN has indicated that the information accessed was personal information of some customers. While the specifics are still being determined, reports suggest it includes names, surnames, and mobile numbers.

Cause of the Breach: MTN has only stated that an "unknown third party" gained "unauthorized access to data linked to parts of our systems." The company has not yet provided details on the specific vulnerability exploited or the methods used by the attackers.

Official Notification: https://www.mtn.com/mtn-cybersecurity-incident-but-critical-infrastructure-secure/

NASCAR

NASCAR, the National Association for Stock Car Auto Racing, reportedly experienced a significant cybersecurity incident in early April 2025. The Medusa ransomware group claimed responsibility for the attack, alleging they exfiltrated over one terabyte of data from NASCAR's systems.

Scale of the Breach: The Medusa ransomware group claims to have stolen over 1 terabyte of data. The exact number of individuals affected is unclear, but the nature of the data suggests potential exposure of employee, partner, and operational information.

Type of Data Exposed: The exposed information may include:

  • Personally Identifiable Information (PII) of NASCAR employees: Names, email addresses, and job titles.
  • Credential-related details: Potentially access credentials for certain systems.
  • Detailed raceway ground maps: Internal layouts and potentially security information of race tracks.
  • Internal business documents: Including international business documents, invoices, and financial reports.
  • Contact details of third-party services: Information about NASCAR's partners and vendors.

Cause of the Breach: The cause of the breach is attributed to a ransomware attack by the Medusa group.

March 2025

March 2025 has proven to be a stark reminder of the escalating cyber threats facing organizations across diverse sectors, from education and finance to healthcare and technology. This month's data breach report reveals a series of alarming incidents, each highlighting the vulnerabilities inherent in our increasingly interconnected digital landscape. From the massive exposure of applicant data at New York University to the alleged compromise of Oracle Cloud's legacy systems, and the ransomware attacks targeting Jaguar Land Rover and the Pennsylvania State Education Association, the sheer scale and sensitivity of the data compromised underscore the urgent need for enhanced cybersecurity measures.

New York University

On March 22, 2025, New York University (NYU) experienced a significant data breach where a hacker redirected the university's website and exposed the personal information of over 3 million applicants dating back to 1989.

Scale of the Breach: The breach exposed the personal information of over 3 million applicants to NYU. This includes both accepted and rejected students.

Type of Data Exposed: A wide range of sensitive personal details was compromised, including names, test scores (SAT/ACT), GPAs, intended majors, demographic information, family backgrounds, and financial aid details.

Cause of the Breach: The breach occurred due to unauthorized access to NYU's IT systems, allowing a hacker to redirect web traffic and access underlying databases containing applicant information.

Oracle Cloud

The alleged Oracle Cloud data breach in March 2025 involved a significant cybersecurity incident in which a threat actor claimed to have compromised approximately 6 million records from Oracle Cloud's systems.

Oracle initially denied any compromise of its core Oracle Cloud infrastructure, but later reports indicate that Oracle has privately acknowledged to certain customers that a breach did occur, albeit affecting older "legacy environments."

Scale of the Breach: The threat actor claims to have compromised approximately 6 million records, potentially affecting over 140,000 Oracle Cloud tenants, indicating a very broad impact.

Type of Data Exposed: Highly sensitive credentials were reportedly exposed, including Java KeyStore (JKS) files, encrypted passwords and password hashes, key files, and Java Process Status (JPS) keys, all of which could allow for significant unauthorized access.

Cause of the Breach: There are conflicting reports, but evidence points to the exploitation of vulnerabilities within Oracle's systems, possibly related to older "legacy environments" of Oracle Cloud, and potentially related to vulnerabilities within Oracle Fusion Middleware instances that could allow unauthorized access via Oracle Access Manager.

Jaguar Land Rover (JLR)

Jaguar Land Rover (JLR) experienced a significant data breach in March 2025, attributed to the HELLCAT ransomware group, which resulted in the exposure of internal documents, source code, tracking data, and employee credentials. The breach was facilitated by compromised login information, including credentials from an LG Electronics employee, highlighting the interconnectedness of supply chain vulnerabilities.

Scale of the Breach: The breach involved the exfiltration of 700 documents in the first wave and 350 gigabytes of data in the second wave, impacting internal operations and potentially compromising sensitive information.

Type of Data Exposed: Compromised data included internal documents, source code, tracking data, and employee credentials, posing risks to intellectual property and employee privacy.

Cause of the Breach: The breach was caused by the exploitation of compromised credentials, including those obtained through infostealer malware, and the subsequent use of those credentials by the HELLCAT ransomware group to gain access to JLR's systems.

SpyX Stalkerware App

The SpyX stalkerware app data breach in March 2025 exposed highly sensitive personal information of nearly 2 million individuals, raising serious privacy and safety concerns.

Scale of the Breach: Nearly 2 million individuals were affected, indicating a massive exposure of personal data from users of the SpyX stalkerware application.

Type of Data Exposed: Highly sensitive data including iCloud usernames and passwords (in plaintext), email addresses, IP addresses, device information, and potentially messages and photos were exposed, posing a significant risk to user privacy and security.

Cause of the Breach: The breach resulted from a severe security lapse, specifically the lack of proper authentication and protection for the app's user database, making it easily accessible to unauthorized individuals.

Have I Been Pwned: https://haveibeenpwned.com/PwnedWebsites#SpyX

Angel One

Angel One, a major Indian stock brokerage firm, disclosed a data breach in March 2025, revealing unauthorized access to client information stored in its Amazon Web Services (AWS) account. While Angel One assured clients that their funds and securities remained secure, the incident raised concerns about cybersecurity practices within the financial sector and impacted the company's stock value.

Scale of the Breach: The scale of the breach involved the compromise of client information stored within Angel One's AWS environment, though the precise number of affected clients has not been publicly released.

Type of Data Exposed: The exposed data consisted of client information held within the company's AWS account. Although Angel One has not released the type of data, it is assumed to be contact information and potentially financial information.

Cause of the Breach: The breach resulted from unauthorized access to Angel One's AWS account, with the specific vulnerability exploited still under investigation, but it shows a weakness within the security of their cloud storage.

Western Alliance Bank

Western Alliance Bank experienced a data breach in March 2025, stemming from the exploitation of a zero-day vulnerability in a third-party secure file transfer tool provided by Cleo. The Clop ransomware group gained unauthorized access, compromising the sensitive personal information of approximately 22,000 customers. The breach occurred in October 2024 but was disclosed in March 2025.

Scale of the Breach: Approximately 22,000 customers' personal information was compromised, indicating a significant exposure of sensitive financial and personal data.

Type of Data Exposed: The exposed data included highly sensitive information such as names, Social Security numbers, dates of birth, financial account numbers, driver's license numbers, tax identification numbers, and passport information, creating a substantial risk of identity theft.

Cause of the Breach: The breach was caused by the exploitation of a zero-day vulnerability in a third-party secure file transfer tool provided by Cleo, allowing the Clop ransomware group to gain unauthorized access to Western Alliance Bank's systems.

Pennsylvania State Education Association

The Pennsylvania State Education Association (PSEA), a labor union representing public school employees, experienced a significant data breach in March 2025, impacting over 500,000 individuals. The Rhysida ransomware group claimed responsibility for the attack, which resulted in the exposure of highly sensitive personal information.

Scale of the Breach: Over 500,000 individuals were affected, including current and former members and their dependents, making it a very large-scale data breach.

Type of Data Exposed: The compromised data included highly sensitive information such as Social Security numbers, driver's license and state ID numbers, financial account information, payment card details, passport numbers, medical information, and taxpayer ID numbers, significantly increasing the risk of identity theft.

Cause of the Breach: The breach was caused by a ransomware attack carried out by the Rhysida ransomware group, which gained unauthorized access to PSEA's systems and exfiltrated sensitive data.

Official Notification: https://www.psea.org/pages-without-a-home/notice-of-data-security-incident/

California Cryobank

California Cryobank (CCB), a company specializing in sperm and egg donation services, experienced a data breach in March 2025, revealing unauthorized access to customer data from April 2024. The breach was discovered in October 2024, and CCB began sending out data breach notification letters to affected individuals in March 2025.

Scale of the Breach: The scale of the breach involved the potential compromise of customer data stored within CCB's IT environment, affecting individuals who have utilized their services.

Type of Data Exposed: The exposed data included sensitive personal information such as names, driver's license numbers, bank account and routing numbers, Social Security numbers (SSN), and health insurance information, which poses a significant risk of identity theft and privacy violations.

Cause of the Breach: The breach was caused by unauthorized access to CCB's IT environment, with the specific vulnerability exploited still under investigation, but it resulted in the potential access and/or acquisition of files containing customer data.

Data Breach Notification: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/6b6aacae-67b7-414e-be1a-ea17b44a7f12.html

Numotion

Numotion, a provider of complex rehabilitation technology, experienced a significant data breach in March 2025, stemming from unauthorized access to employee email accounts between September and November 2024.

Scale of the Breach: Nearly half a million individuals were affected, demonstrating a large-scale exposure of sensitive data.

Type of Data Exposed: The compromised data included full names, dates of birth, payment information, financial account information, product information, health insurance details, medical information, driver's license numbers, and Social Security numbers, encompassing a wide range of highly sensitive personal and medical data.

Cause of the Breach: The breach resulted from unauthorized access to employee email accounts, likely due to phishing attacks, which allowed attackers to access and exfiltrate sensitive customer information.

Data Breach Notification: https://www.numotion.com/data-security-incident

February 2025

The February 2025 edition of our Data Breach Report highlights some of the most significant cybersecurity incidents affecting organizations across various industries. From massive data leaks exposing billions of records to targeted ransomware attacks compromising highly sensitive information, this month's breaches reveal critical vulnerabilities in cybersecurity defenses. Companies spanning IoT technology, healthcare, telecommunications, financial services, and government contractors have all suffered major security lapses, putting millions of individuals at risk of identity theft, financial fraud, and privacy violations. In this report, we break down the key details of each breach, including the scale of the exposure, the types of data compromised, and the underlying causes that led to these incidents.

Mars Hydro

The Mars Hydro data breach in February 2025 is a significant event highlighting the vulnerabilities within the Internet of Things (IoT) landscape.

Scale of the Breach: A massive 2.7 billion records were exposed in this data breach, highlighting the sheer volume of compromised data.

Type of Data Exposed: The types of data exposed included very sensitive information such as Wi-Fi passwords, IP addresses, and email addresses, which create severe security risks.

Cause of the Breach: The cause of the breach was a misconfigured, non-password-protected database, revealing a critical failure in basic security measures.

Genea Fertility Clinic

The Genea Fertility Clinic data breach in February 2025 resulted from a sophisticated cyberattack by the "Termite" ransomware gang. This incident compromised highly sensitive patient data, including personally identifiable information and detailed medical records.

Scale of the Breach: Approximately 940.7GB of data was exfiltrated, showing the significant volume of patient information that was compromised.

Type of Data Exposed: The breach exposed highly sensitive data, including personally identifiable information like names and addresses, and critical medical details such as Medicare numbers, medical histories, and treatment records, placing patients at considerable risk.

Cause of the Breach: The initial cause of the breach was the exploitation of a vulnerability within a Citrix server, which allowed the attackers to gain unauthorized access to Genea's network and patient management systems.

Genea Cyber Incident – Update and Support Resources: https://www.genea.com.au/pages/important-update-about-a-cyber-incident-MCI2XUN2KJWRFXNMZI2ZZ3QVD2JA

Orange Group

The Orange Group data breach in February 2025 stemmed from a cyberattack executed by the hacker "Rey," associated with the HellCat ransomware group. This incident primarily affected Orange Romania, resulting in the exposure of over 600,000 records. Exploiting vulnerabilities in Orange's systems, the attacker gained unauthorized access and exfiltrated sensitive data, including customer and employee information, email addresses, and partial payment card details.

Scale of the Breach: Over 600,000 records were exposed, and approximately 6.5GB of data was exfiltrated, showing a significant compromise of Orange Group's information.

Type of Data Exposed: The types of data exposed included sensitive information such as 380,000+ unique email addresses, source code, invoices, contracts, customer and employee records, and partial payment card details of Romanian customers, presenting various risks to those involved.

Cause of the Breach: The cause of the breach involved the exploitation of compromised credentials and vulnerabilities within Orange's Jira software and internal portals, allowing the attacker unauthorized access to their systems.

DISA Global

The DISA Global Solutions data breach, while discovered in April 2024, resulted in notification letters being sent to affected individuals around February 2025, revealing a significant delay. This incident compromised the sensitive personal information of over 3.3 million people, including Social Security numbers, financial account details, government-issued IDs, and full names.

Scale of the Breach: Over 3.3 million individuals' personal information was compromised, indicating a large-scale exposure of sensitive data.

Type of Data Exposed: The types of data exposed included highly sensitive information such as Social Security numbers, financial account details, government-issued identification documents, and full names.

Cause of the Breach: The cause of the breach was a cyberattack that infiltrated DISA's systems, with unauthorized access occurring over a prolonged period, highlighting vulnerabilities in their cybersecurity defenses.

DISA Global Solutions Data Breach Notice: https://ago.vermont.gov/sites/ago/files/documents/2025-02-24%20DISA%20Global%20Solutions%20Data%20Breach%20Notice%20to%20Consumers.pdf

Finastra

The Finastra data breach, detected in November 2024 with unauthorized access dating back to October 31st, involved a compromise of a Secure File Transfer Platform (SFTP) used for technical support. This resulted in the exposure of personal information, including names and financial account details, of individuals whose data was contained within the accessed files. Finastra, a global financial technology company, conducted an investigation with cybersecurity experts, notified law enforcement, and began notifying affected individuals in February 2025.

Scale of the Breach: The breach involved unauthorized access to a Secure File Transfer Platform (SFTP), indicating a compromise of files containing customer data, with the specific number of affected individuals still being assessed.

Type of Data Exposed: The types of data exposed included personal information such as names and financial account information, which poses risks related to financial fraud and identity theft.

Cause of the Breach: The cause of the breach was unauthorized access to Finastra's Secure File Transfer Platform (SFTP) used for technical support, highlighting vulnerabilities in their third-party vendor security.

Notice of Data Breach: https://www.mass.gov/doc/2025-249-finastra-technology-inc/download

Hospital Sisters Health System

The Hospital Sisters Health System (HSHS) data breach, stemming from a cyberattack in August 2023, resulted in the compromise of over 882,000 individuals' personal and health information. While the attack occurred in 2023, the full scope of individuals affected was released in February 2025.

Scale of the Breach: Over 882,000 individuals' personal and health information was compromised, representing a significant exposure of sensitive patient data.

Type of Data Exposed: The types of data exposed included highly sensitive information such as names, Social Security numbers, medical records, health insurance details, and treatment information.

Cause of the Breach: The cause of the breach was a cyberattack that resulted in unauthorized access to HSHS's network, indicating vulnerabilities in their cybersecurity defenses that allowed malicious actors to infiltrate their systems.

Data Breach Notification: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/2bf19926-e137-4a41-9773-5429f08343ec.html

PowerSchool

The PowerSchool data breach in February 2025 compromised the sensitive information of approximately 62 million students, making it a major cybersecurity incident within the education sector. The breach exposed a wide range of highly sensitive data, including grades, medical histories, Social Security numbers, and restraining order details, raising significant concerns about student privacy and security.

Scale of the Breach: Approximately 62 million student records were compromised, indicating a massive breach affecting a significant portion of the student population.

Type of Data Exposed: The types of data exposed included highly sensitive information such as grades, medical histories, Social Security numbers, and restraining order details.

Cause of the Breach: The cause of the breach was a cyberattack that exploited vulnerabilities in PowerSchool's systems.

GrubHub

The GrubHub data breach in February 2025 compromised the personal and financial information of customers, merchants, and drivers due to a sophisticated cyberattack. The breach exposed customer names, addresses, order histories, merchant financial details, driver information, and partial credit card data, raising concerns about identity theft and financial fraud.

Scale of the Breach: The breach affected a significant number of customers, merchants, and drivers, though the precise number is still being investigated, indicating a widespread compromise of GrubHub's user base.

Type of Data Exposed: The types of data exposed included customer names, addresses, order histories, merchant financial information, driver personal information, and partial credit card data.

Cause of the Breach: The cause of the breach was a sophisticated cyberattack that exploited vulnerabilities in GrubHub's systems.

January 2025

January 2025 has already proven to be a stark reminder of the ever-present threat of data breaches, with a disturbing wave of incidents impacting millions of individuals and organizations across various sectors. From healthcare providers and law firms to global corporations and government agencies, the past month has exposed vulnerabilities and highlighted the critical need for robust cybersecurity measures.

This month's data breach report delves into the most significant incidents of January 2025, examining the scale of each breach, the types of data exposed, and the potential implications for those affected.

Gravy Analytics

In January 2025, Gravy Analytics suffered a significant data breach that exposed the personal information of millions of people worldwide. The breach occurred when a hacker exploited a compromised credential to access Gravy's cloud storage on Amazon's servers.

Scale of the Breach: While the full extent is still under investigation, reports suggest the breach could involve the location data of millions of individuals. Gravy Analytics is known to track over a billion devices globally, collecting over 17 billion signals from smartphones daily.

Type of Data Exposed: The exposed data includes precise location data points, revealing exactly where people have been, lived, worked, and traveled.

Cause of the Breach: The breach was reportedly caused by a "misappropriated key" that allowed unauthorized access to Gravy Analytics' AWS cloud storage environment.

Globe Life

Globe Life Inc., the parent company of American Income Life Insurance Company, disclosed a significant data breach in January 2025. This breach, initially reported in mid-2024, affected approximately 850,000 individuals, a substantial increase from the initial estimate of 5,000.

Scale of the Breach: The breach affected around 850,000 individuals, significantly more than the initially estimated 5,000.

Type of Data Exposed: The exposed data included names, Social Security numbers, contact details, dates of birth, health information, and insurance details.

Cause of the Breach: The breach, discovered on June 13, 2024, involved unauthorized access to databases maintained by a few independent agency owners.

SEC filing: https://www.sec.gov/ix?doc=/Archives/edgar/data/320335/000032033525000004/gl-20241017.htm

Conduent

Conduent, a major business process outsourcing and IT services provider, experienced a significant cybersecurity incident in January 2025. This incident caused disruptions to services across multiple states, particularly affecting government agencies and their ability to process payments and provide essential services.

Scale of the Breach: It's unclear how many individuals were directly affected, but the incident disrupted services in at least four states, suggesting a potentially large-scale impact. Conduent handles data for numerous government agencies, so the potential reach is significant.

Type of Data Exposed: Conduent provides services related to child support, food assistance, and other social programs. This means they likely handle sensitive personal information, including names, Social Security numbers, addresses, dates of birth, financial information, and possibly health information in some cases.

Cause of the Breach: Conduent only stated that the disruptions were caused by a "cybersecurity incident." They haven't provided details about the specific attack vector.

ICAO

The International Civil Aviation Organization (ICAO), responsible for setting global aviation standards, suffered a data breach in January 2025, impacting nearly 12,000 individuals. This breach raises serious concerns, as the compromised data included records from key aviation regulatory bodies. Experts suggest the motive may extend beyond financial gain to espionage, targeting individuals with critical knowledge of aviation safety protocols and systems.

Scale of the Breach: Initially, a hacker claimed to have accessed 42,000 sensitive documents. After investigation, ICAO confirmed that nearly 12,000 individuals were affected.

Type of Data Exposed: The compromised data included personally identifiable information (PII) of job applicants from 2016 to 2024. This PII included names, email addresses, dates of birth, and employment history.

Cause of the Breach: The attack was reportedly executed through an SQL Injection vulnerability in a web application.

Official Statement: https://www.icao.int/Newsroom/Pages/ICAO-statement-on-reported-security-incident.aspx

Community Health Center, Inc.

Community Health Center, Inc. (CHC), a non-profit healthcare provider in Connecticut, suffered a significant data breach in January 2025, impacting over one million individuals. CHC detected unauthorized network activity and confirmed data exfiltration. This breach puts individuals at risk of identity theft, financial fraud, and potential misuse of their medical information.

Scale of the Breach: The breach affected approximately 1,060,936 individuals, including current and former patients and those who received COVID tests or vaccines at CHC clinics.

Type of Data Exposed: The compromised data included a wide range of sensitive personal, financial, and health information.

Cause of the Breach: CHC detected unusual activity on its computer network on January 2, 2025, indicating a potential data breach. An investigation revealed that an unauthorized third party had gained access to their systems and potentially copied files containing sensitive information.

Data Breach Notification: https://www.maine.gov/cgi-bin/agviewerad/ret?loc=1849

HCF Management

HCF Management, which operates 31 long-term care facilities in Ohio and Pennsylvania, suffered a significant data breach in 2024 that came to light in January 2025, when the company started sending letters to thousands of patients informing them of a data breach in which their names, dates of birth, Social Security numbers, and other sensitive information were accessed.

Scale of the Breach: Approximately 70,000 residents of HCF Management-operated facilities were affected. The breach impacted residents across multiple facilities, including HCF Corry Manor, HCF Warren Manor, HCF Shawnee Manor, and HCF Edinboro Manor.

Type of Data Exposed: The compromised data included a variety of sensitive personal and medical information.

Cause of the Breach: The breach was the result of a cyberattack where hackers gained access to HCF Management's network. The intrusion was detected on October 3, 2024, but the investigation revealed that the network had been infiltrated as early as September 17, 2024.

Wolf Haldenstein

The law firm Wolf Haldenstein experienced a substantial data breach in January 2025, impacting approximately 3.4 million individuals. The breach, discovered in December 2023 but disclosed later, exposed highly sensitive personal and protected health information.

Scale of the Breach: The breach affected approximately 3.4 million individuals, making it one of the largest data breaches to occur at a law firm.

Type of Data Exposed: The compromised data included sensitive personal and protected health information (PHI),

Cause of the Breach: The law firm detected suspicious activity in its network environment on December 13, 2023. An investigation revealed that an unauthorized actor had gained access to certain files and data stored within the network.
