
We’re barely a few months into 2025, but this year has already seen a number of data breaches affecting the personal information of tens of millions of individuals, including everything from student records to phone data and sensitive health information.
Last year, 2024, saw more than one billion records stolen. If the first two months of this year are anything to go by, 2025 looks set to be an unprecedented year for data breaches.
PowerSchool breach likely affects tens of millions of students and teachers
The breach of ed-tech giant PowerSchool is one of the largest breaches of student data in recent history. While we still don’t know exactly how many records were stolen (PowerSchool has repeatedly refused to disclose this figure), reports claim that the breach affected more than 62 million students and 9.5 million teachers in the United States.
PowerSchool, which provides K-12 software to more than 18,000 schools across North America, first disclosed the data breach in January. At the time, PowerSchool said that unnamed hackers used a single compromised credential to access its customer support portal, granting access to the wealth of data in its school information system, PowerSchool SIS, which schools use to manage student records.
The hackers accessed sensitive personal information, including students’ grades, medical information, and Social Security numbers. Several schools affected by the breach have told TechCrunch that other highly sensitive student data, including information about restraining orders, was accessed.
PowerSchool hasn’t confirmed or denied the reported 62 million figure, but various filings have confirmed that tens of millions of people were affected by the breach. A filing with the Texas attorney general revealed that almost 800,000 state residents had their data stolen, while the Rochester City School District confirmed that 134,000 students are affected.
PowerSchool recently confirmed to TechCrunch that around 16,000 people in the United Kingdom also had data stolen in the breach.
Musk’s DOGE access represents a huge compromise of U.S. federal government data
The first few weeks of the Trump administration saw a different kind of breach, and one that will likely go down in history as the largest ever compromise of U.S. government data.
People working for Elon Musk, who is behind the Trump administration’s so-called Department of Government Efficiency, or DOGE, took control of top federal departments and datasets to access huge troves of sensitive federal data. DOGE, made up of mostly private-sector employees from Musk’s own businesses, seized vast access to the U.S. government’s critical payment systems, which contain the personal information of tens of millions of Americans and are responsible for disbursing trillions of dollars annually.
Since then, a coalition of more than a dozen U.S. states has filed a lawsuit to block Musk’s team of cost-cutters from accessing government systems that contain the personal data of Americans. More than 100 current and former federal officials have also sued Musk’s DOGE agency for accessing the sensitive personnel records of Americans without proper authorization.
Community Health Center, a Connecticut-based nonprofit healthcare provider, said in January that a hacker had accessed the sensitive data of more than a million patients.
CHC, which provides services including school-based healthcare and substance abuse programs, said that the unnamed hacker compromised its network on January 2 to steal patients’ personal data and sensitive health information. This data includes patients’ addresses, phone numbers, diagnoses, treatment details, test results, Social Security numbers, and health insurance information.
Stalkerware apps Cocospy, Spyic, and Spyzie expose phone data of tens of millions of people
A trio of stalkerware apps exposed the personal data of tens of millions of people who unwittingly have them planted on their devices, a security researcher revealed to TechCrunch in February.
The three apps (Cocospy, Spyic, and Spyzie) all share the same security vulnerability, which allows anyone to access the personal data, including messages, photos, and call logs, from devices that have the apps installed, often without the device owners’ knowledge.
The easy-to-exploit bug also exposes the email addresses of the people who signed up for the stalkerware apps. That allowed a security researcher to scrape around 3.2 million email addresses of Cocospy, Spyic, and Spyzie customers, which were provided to breach notification site Have I Been Pwned.
U.S. employee screening service DISA confirms breach affecting over 3 million people
DISA, a Texas-based provider of employee screening services including drug and alcohol tests and background checks, confirmed in February a large data breach that occurred almost a year earlier in April 2024.
In a filing with Maine’s attorney general, DISA said the breach affected more than 3.3 million people who had undergone employee screening tests. While the company said its internal investigation “couldn’t definitively conclude” what specific data was stolen, a separate filing in the state of Massachusetts confirms that Social Security numbers, financial information, and government-issued identity documents are among the stolen data.
DISA blamed the breach on an unidentified hacker, who had access to a portion of the company’s network for more than two months before they were noticed.