We’re barely a few months into 2025, however this 12 months has already seen a number of data breaches affecting the private info of tens of millions of people, together with the whole lot from scholar data to cellphone knowledge to delicate well being info.
Final 12 months, 2024, noticed greater than 1 billion data stolen. If the primary two months of this 12 months are something to go by, 2025 appears to be like to be an unprecedented 12 months for data breaches.
PowerSchool breach seemingly impacts tens of tens of millions of scholars and academics
The breach of edtech big PowerSchool is among the greatest breaches of scholar knowledge in latest historical past. Whereas we nonetheless don’t know precisely what number of data had been stolen (PowerSchool has repeatedly refused to reveal this determine), experiences declare that the breach affected greater than 62 million college students and 9.5 million academics in america.
PowerSchool, which gives Ok-12 software program to greater than 18,000 faculties throughout North America, first disclosed the data breach in January. On the time, PowerSchool mentioned that unnamed hackers used a single compromised credential to get into its buyer help portal, granting entry to the wealth of information in its faculty info system, PowerSchool SIS, which faculties use to handle scholar data.
The hackers accessed delicate private info, together with college students’ grades, medical info, and Social Safety numbers. A number of faculties affected by the breach have informed information.killnetswitch that different extremely delicate info, together with extremely delicate scholar knowledge, together with details about restraining orders, was accessed.
PowerSchool hasn’t confirmed or denied the reported 62 million determine, however numerous filings have confirmed that tens of millions of individuals had been affected by the breach. A submitting with the Texas lawyer basic revealed that almost 800,000 state residents had their knowledge stolen, whereas the Rochester Metropolis Faculty District confirmed that 134,000 college students are affected.
PowerSchool just lately confirmed to information.killnetswitch that round 16,000 individuals in the UK additionally had knowledge stolen within the breach.
Musk’s DOGE entry represents an enormous compromise of U.S. federal authorities knowledge
The primary few weeks of the Trump administration noticed a distinct form of breach — and one that can seemingly go down in historical past as the biggest ever compromise of U.S. authorities knowledge.
People working for Elon Musk, who’s behind the Trump administration’s Division of Authorities Effectivity, or DOGE, took management of high federal departments and datasets to entry enormous troves of delicate federal knowledge. DOGE — made up of largely private-sector workers from Musk’s personal companies — seized huge entry to the U.S. authorities’s vital cost techniques containing the private info of tens of millions of Individuals and accountable for disbursing trillions of {dollars} yearly.
Since then, a coalition of greater than a dozen U.S. states have filed a lawsuit to dam Musk’s staff of cost-cutters from accessing authorities techniques that comprise the private knowledge of Individuals. Greater than 100 present and former federal officers have additionally sued Musk’s DOGE company for accessing the delicate personnel data of Individuals with out correct authorization.
Group Well being Heart (CHC), a Connecticut-based nonprofit healthcare supplier, mentioned in January {that a} hacker had accessed the delicate knowledge of greater than 1,000,000 sufferers.
CHC, which gives such providers as school-based healthcare and substance abuse packages, mentioned that the unnamed hacker compromised its community on January 2 to steal sufferers’ private knowledge and delicate well being info. This knowledge consists of sufferers’ addresses, cellphone numbers, diagnoses, remedy particulars, check outcomes, Social Safety numbers, and medical insurance info.
Stalkerware apps Cocospy, Spyic, and Spyzie expose cellphone knowledge of tens of millions of individuals
A trio of stalkerware apps uncovered the private knowledge of tens of millions of people that unwittingly have them planted on their units, a security researcher revealed to information.killnetswitch in February.
The three apps — Cocospy, Spyic, and Spyzie — all share the identical security vulnerability that enables anybody to entry the private knowledge, together with messages, photographs, and name logs, from units which have the apps put in, usually with out the gadget proprietor’s data.
The simple-to-exploit bug additionally exposes the e-mail addresses of the individuals who signed up for the stalkerware apps. That allowed a security researcher to scrape the e-mail addresses of round 3.2 million e-mail addresses of Cocospy, Spyic, and Spyzie prospects, which was offered to breach notification web site Have I Been Pwned.
U.S. worker screening service DISA confirms breach affecting over 3 million individuals
DISA, a Texas-based supplier of worker screening providers, together with drug and alcohol checks and background checks, confirmed in February an enormous data breach that occurred nearly a 12 months earlier in April 2024.
In a submitting with Maine’s lawyer basic, DISA mentioned the breach affected greater than 3.3 million individuals who had undergone worker screening checks. Whereas the corporate mentioned its inside investigation “couldn’t definitively conclude” what particular knowledge was stolen, a separate submitting within the state of Massachusetts confirms that Social Safety numbers, monetary info, and government-issued id paperwork are among the many stolen knowledge.
DISA blamed the breach on an unidentified hacker, who had entry to a portion of the corporate’s community for greater than two months earlier than they had been seen.
