Tamzid Ahmed | Security and Compliance Writer
April 23, 2025
List of Recent Data Breaches in 2025–2024
In an increasingly digital world, the threat of data breaches looms larger than ever. From multinational corporations to individual users, no one is immune.
The headlines are filled with stories of compromised personal information, stolen financial data, and disrupted services, painting a stark picture of our vulnerability.
This blog will delve into the recent surge of data breaches, examining the causes, consequences, and crucial steps we can take to protect ourselves.
We’ll explore the latest trends, analyze the impact on businesses and consumers, and discuss the evolving landscape of cybersecurity.
Let’s begin!
Data Breaches That Occurred in April 2025
1. DBS Group and Bank of China (Singapore)
A ransomware attack on Toppan Next Tech (TNT), a third-party data vendor, potentially compromised customer information from Singapore’s DBS Group and the Bank of China (BoC) Singapore branch. DBS reported that approximately 8,200 client statements might have been exposed, mainly affecting its trading platform DBS Vickers and cashline loan accounts.
BoC disclosed that data from around 3,000 customers, used in printed correspondence managed by TNT, were potentially compromised. The leak possibly includes names, addresses, and loan account numbers. Both banks emphasized that their core systems, customer deposits, and monies remain secure. (Reuters)
2. NationsBenefits Holdings Data Leak
NationsBenefits Holdings, a HIPAA business associate, reported a data breach impacting over 3 million individuals.
The breach was part of a data theft and extortion attack by the Clop ransomware group, exploiting vulnerabilities in the Fortra GoAnywhere MFT solution. The compromised data included protected health information (PHI). (HIPAA Journal)
3. Evide
Evide, a data storage company based in Northern Ireland, suffered a ransomware attack that compromised data from approximately 140 organizations, including charities supporting survivors of sexual abuse.
The breach exposed personal data such as phone numbers and email addresses. Investigations were conducted by the Police Service of Northern Ireland and the Garda National Cyber Crime Bureau. (Wikipedia)
4. Consumer Financial Protection Bureau (CFPB)
The CFPB experienced a significant security breach when a former employee transferred confidential information on approximately 256,000 consumers and 45 financial institutions to their personal email account.
The unauthorized transfer involved personally identifiable information (PII) of consumers. The breach was disclosed to the public on April 24, 2023. (Wikipedia)
5. 23andMe
Genetic testing company 23andMe disclosed a data breach that occurred between April and September 2023, affecting nearly 7 million users. Hackers accessed sensitive data, including health reports and genetic information.
The breach particularly targeted individuals of Chinese and Ashkenazi Jewish ancestry. A $30 million settlement was reached, providing affected customers with cash payments and enrollment in a three-year Privacy & Medical Shield and Genetic Monitoring program. (Reuters)
Data Breaches That Occurred in March 2025
1. Oracle Cloud
On March 21, 2025, a threat actor known as “rose87168” was discovered selling 6 million records exfiltrated from Oracle Cloud’s Single Sign-On (SSO) and LDAP systems. The compromised data included Java KeyStore (JKS) files, encrypted SSO passwords, key files, and enterprise manager JPS keys.
This breach affected over 140,000 tenants, highlighting vulnerabilities in cloud infrastructure and the risks associated with third-party service providers. (Strobes)
2. Bank Sepah Data Breach
In early March 2025, Iranian financial institution Bank Sepah suffered a major cyber intrusion by a hacker collective known as “Codebreakers.” The attackers claimed to have accessed over 42 million customer records, including account numbers, passwords, mobile phone numbers, residential addresses, and bank transaction histories.
The breach exposed sensitive financial data, particularly affecting military and government sectors. The bank initially denied the breach but later issued warnings to local media against publishing the leaked data. (Wikipedia)
3. Pennsylvania State Education Association (PSEA)
In March 2025, the Pennsylvania State Education Association (PSEA), a labor union representing public school employees, experienced a significant data breach. The Rhysida ransomware group claimed responsibility for the attack, which resulted in the exposure of highly sensitive personal information of over 500,000 individuals.
The breach underscored vulnerabilities in the cybersecurity measures of educational institutions and the potential risks to personal data. (PKWARE®)
4. Australian Superannuation Funds
Several major Australian superannuation funds, including AustralianSuper, Rest Super, Australian Retirement Trust, Hostplus, and Insignia Financial, were targeted in a coordinated cyber attack affecting thousands of member accounts. The breach primarily involved “credential stuffing,” where hackers used previously stolen passwords to log into accounts.
Four AustralianSuper customers alone lost $500,000. Although some funds reported no stolen money, they confirmed unauthorized login attempts. Australian authorities are investigating the breach and urging financial institutions to enhance their cyber defenses. (ABC)
5. NSW Department of Communities and Justice Data Breach
In March 2025, the New South Wales Department of Communities and Justice (DCJ) experienced a significant data breach involving unauthorized access to the state’s secure online court registry system. An unknown hacker accessed at least 9,000 sensitive court documents, including apprehended violence orders (AVOs).
Authorities, including NSW Police, have been informed and are taking the situation seriously, especially regarding domestic violence survivors who may be at additional risk. The breach was discovered during routine maintenance, and a security patch has been applied to the system to close the vulnerability. (ABC)
Data Breaches That Occurred in February 2025
1. Genea Fertility Clinic (Australia) Information Leak
On February 14, 2025, Genea, an Australian fertility clinic, experienced a ransomware attack by the Termite group. The attackers accessed the clinic’s network from January 31 and extracted approximately 940.7GB of sensitive patient data.
The compromised information included personal contact details, Medicare numbers, medical histories, test results, and medications. No financial data was reported as affected. Genea secured a court injunction to prevent further dissemination of the data and is collaborating with cybersecurity authorities to address the incident. (The Guardian)
2. Mars Hydro
In February 2025, Mars Hydro, a company specializing in hydroponic equipment, suffered a significant data breach. The incident resulted in the exposure of approximately 2.7 billion records, including sensitive information such as Wi-Fi passwords, IP addresses, and email addresses.
The breach highlighted vulnerabilities within the Internet of Things (IoT) landscape, emphasizing the need for robust security measures in connected devices. (Infosecurity Magazine)
3. Zapier
On February 27, 2025, Zapier, a workflow automation platform, disclosed unauthorized access to certain code repositories due to a misconfiguration of two-factor authentication on an employee’s account. The breach potentially exposed customer data inadvertently copied to the repositories for debugging purposes.
Upon discovery, Zapier secured the repositories and revoked the unauthorized access. The company is auditing its internal processes to prevent future incidents. (The Verge)
4. Western Sydney University
In February 2025, Western Sydney University experienced a data breach that compromised the personal information of approximately 10,000 current and former students. The data, accessed through the university’s single sign-on system, included demographic, enrollment, and academic progression details.
Additionally, another set of sensitive information was discovered on a dark web forum, possibly posted in November 2024, and believed to have been accessed between August and October of the same year.
The university detected unauthorized access in January and February 2025 and promptly engaged internal and third-party cyber experts to mitigate the breach.
NSW Police and various national cybersecurity bodies, including the Australian Federal Police and the Australian Cyber Security Centre, are investigating the incident. The university has taken legal action to prevent the misuse or dissemination of the stolen data and continues to monitor and strengthen its cybersecurity systems. (The Australian)
Data Breaches That Occurred in January 2025
1. Community Health Center, Inc. (CHC) System Breach
On January 2, 2025, Community Health Center, Inc., a Connecticut-based healthcare provider, experienced a data breach affecting over 1 million individuals across multiple states. A skilled hacker infiltrated CHC’s systems, potentially accessing personal and medical information, including Social Security numbers and health insurance details. CHC has since enhanced its security measures and is offering identity theft protection to affected individuals. (HIPAA Journal)
2. TalkTalk Data Leak
In January 2025, UK telecommunications company TalkTalk investigated a data breach after a hacker known as “b0nd” claimed to be selling data of approximately 18.8 million customers. The exposed information included names, emails, IP addresses, and phone numbers. The breach was linked to a third-party supplier’s system, not TalkTalk’s own infrastructure. (The Scottish Sun)
3. Gravy Analytics Information Leak
In early January 2025, Gravy Analytics, a location data broker, disclosed a breach involving unauthorized access to its AWS cloud storage. The breach potentially exposed precise location data of millions, including sensitive locations like government buildings. A sample of the data was found on a Russian forum, prompting ongoing investigations into the breach’s scope. (The Verge)
4. Hillcrest Convalescent Center, Inc. Cyberattack
On January 4, 2025, Hillcrest Convalescent Center, Inc., a healthcare facility, reported a cyberattack compromising the personal and medical information of approximately 106,194 individuals.
The stolen data included names, Social Security numbers, medical records, treatment details, and health insurance information. The breach raised concerns about the security of patient data in healthcare institutions. (Tech.co)
Data Breaches That Occurred in December 2024
1. U.S. Department of the Treasury Breach
On December 30, 2024, the U.S. Department of the Treasury disclosed a cybersecurity breach attributed to a state-sponsored actor from the People’s Republic of China. The attackers exploited a vulnerability in a third-party service, BeyondTrust, gaining access to unclassified documents and remotely accessing workstations.
The breach affected multiple offices within the department, including the Office of Foreign Assets Control and the Office of the Treasury Secretary. The incident is considered a major cybersecurity event by U.S. officials. (TechTarget)
2. National Public Data (NPD) Data Leak
In December 2024, National Public Data, a U.S.-based data broker, confirmed a data breach that exposed approximately 2.9 billion records.
The compromised data included full names, addresses, Social Security numbers, dates of birth, and phone numbers. The breach, which had been ongoing since April 2024, led to multiple class-action lawsuits and the company’s filing for Chapter 11 bankruptcy in October 2024. (Wikipedia)
3. Randolph-Brooks Federal Credit Union (RBFCU)
On December 26, 2024, RBFCU, the largest credit union in Texas, reported a data breach affecting over 4,600 customers.
The breach involved a physical compromise of one of the credit union’s ATMs, potentially exposing customer names, account numbers, and credit or debit card information.
RBFCU notified affected members and reported the incident to the Texas Attorney General’s Office. (San Antonio Express News)
4. Cyberattack Using Chrome Browser Extensions
In mid-December 2024, a cyberattack campaign compromised multiple Chrome browser extensions by inserting malicious code. The attackers aimed to steal browser cookies and authentication sessions, targeting social media advertising and AI platforms. Cyberhaven, one of the affected companies, detected and removed the malicious code shortly after its discovery. (The Verge)
5. Stan Cash Retailer
In December 2024, Australian retailer Stan Cash suffered a data breach that exposed customer payment details, including credit card information, names, email addresses, and billing and delivery addresses. The breach remained undisclosed for a year, leading to fraudulent charges on customer accounts.
The Office of the Australian Information Commissioner and Victorian Police deemed the company’s response compliant, though the number of affected customers remains undisclosed. (News)
Data Breaches That Occurred in November 2024
1. Finastra
On November 7, 2024, Finastra, a London-based financial technology company, detected unauthorized access to its secure file-transfer platform. The breach involved the theft of approximately 400 gigabytes of data, potentially affecting sensitive information from major financial institutions.
Finastra serves around 8,100 companies, including 45 of the top 50 banks worldwide. The company isolated the affected system and is collaborating with law enforcement agencies in the U.S. and U.K. to investigate the incident. (WSJ)
2. Hot Topic and BoxLunch
In November 2024, retail chains Hot Topic and its subsidiary BoxLunch suffered a data breach affecting nearly 57 million customer records. A hacker using the alias “Satanic” claimed responsibility and posted a 730 GB database for sale on a hacker forum.
The compromised data included names, email addresses, physical addresses, phone numbers, purchase history, birth dates, and partial credit card details. (Electronic Frontier Foundation)
3. Krispy Kreme
On November 29, 2024, Krispy Kreme reported a cyberattack affecting its IT systems, leading to disruptions in online ordering in parts of the U.S. The company initiated investigations and containment measures with cybersecurity experts and contacted federal law enforcement.
While stores remained open for in-person orders, the full extent of the breach remained uncertain. (MarketWatch)
4. Starbucks
In November 2024, Starbucks experienced a ransomware attack via a third-party supplier, leading to unauthorized access to internal systems.
The breach potentially exposed sensitive data, including employee information and internal documents. Starbucks initiated an investigation and implemented measures to secure its systems. (strobes.co)
Data Breaches That Occurred in October 2024
1. Internet Archive
In early October 2024, the Internet Archive suffered a cyberattack that compromised approximately 31 million user accounts. The breach involved a malicious JavaScript injection, leading to the exposure of email addresses, usernames, and bcrypt-hashed passwords.
The organization responded by disabling the compromised script, initiating system scrubbing, and enhancing security measures. (The Verge)
2. Salt Typhoon Espionage Campaign
In October 2024, U.S. officials disclosed that the Chinese state-sponsored group Salt Typhoon had breached nine U.S. telecommunications companies, including Verizon, AT&T, and T-Mobile.
The attackers accessed core network components, obtaining metadata of users’ calls and text messages, and in some cases, audio recordings. The campaign, believed to be ongoing for one to two years, targeted government officials and corporate intellectual property. (Wikipedia)
3. Pokémon Developer Game Freak Data Leak
In October 2024, Game Freak, the developer behind the main Pokémon video games, confirmed a data breach resulting from unauthorized server access. Approximately 2,600 items, including employee names and company email addresses, were leaked.
Additionally, source code from previous games and limited details on future projects were exposed. Game Freak has since secured its servers and is enhancing security measures. (The Verge, Wikipedia)
4. Dutch National Police
In October 2024, the Dutch National Police disclosed a data breach that exposed the names, email addresses, and phone numbers of nearly 63,000 officers and staff members.
The breach, discovered in late September, is suspected to have been carried out by a foreign state-sponsored actor. The Dutch government has initiated an investigation into the incident. (Wikipedia)
Data Breaches That Occurred in September 2024
1. Infosys McCamish Systems
On September 6, 2024, Infosys McCamish Systems, an outsourcing company, announced a data breach potentially affecting 6.5 million records. The breach dated back to late 2023, with attackers active between October and November. There was a significant delay between data extraction and discovery. (NordLayer)
2. Texas Tech Health Sciences Center Data Leak
In September 2024, hackers accessed and possibly removed sensitive data of over 1.4 million patients from Texas Tech Health Sciences Center’s Lubbock and El Paso locations.
The compromised information included names, birth dates, addresses, Social Security numbers, driver’s license numbers, government IDs, financial and health insurance information, and medical records. The university reported the breach to the U.S. Department of Health and Human Services. (San Antonio Express-News)
3. Medicare MOVEit Data Breach
In September 2024, it was revealed that 3.1 million individuals were affected by the Medicare MOVEit data breach. This breach involved unauthorized access to sensitive healthcare data, highlighting vulnerabilities in data transfer systems within the healthcare sector. (SOCRadar)
Data Breaches That Occurred in August 2024
1. Kadokawa and Niconico Cyberattack
Between June and August 2024, Japanese publisher Kadokawa and its video-sharing platform Niconico suffered a ransomware attack by the Russian-linked hacker group BlackSuit.
The attack led to the leak of personal and corporate information of approximately 254,241 users. Services were disrupted for nearly two months, and the companies implemented new security measures post-attack. (Wikipedia)
2. Healthcare Data Breaches
In August 2024, the U.S. healthcare sector reported 92 new data breaches, affecting approximately 5.98 million individuals. The breaches involved unauthorized access to protected health information, including names, Social Security numbers, and medical records. Healthcare organizations are urged to strengthen their cybersecurity measures to prevent such incidents. (IT Governance USA)
Data Breaches That Occurred in July 2024
1. AT&T Data Breach via Snowflake
In July 2024, AT&T disclosed a major data breach affecting nearly all of its wireless customers. Hackers exploited a vulnerability in a third-party cloud platform, Snowflake, to access call and text metadata, including phone numbers and timestamps, from May 2022 to January 2023.
The breach did not include call or text content, Social Security numbers, or dates of birth. AT&T has since shut down the unauthorized access point and is collaborating with law enforcement agencies. (New York Post)
2. Comcast Customer Data Exposure
In July 2024, Comcast reported a data breach involving over 230,000 customers. The breach originated from a ransomware attack on Financial Business and Consumer Solutions (FBCS), a former debt collection agency for Comcast.
Exposed data included names, addresses, Social Security numbers, and birthdates. Comcast has notified affected individuals and is offering identity theft protection services. (The Verge)
3. Heritage Foundation Breach by SiegedSec
In July 2024, the hacker group SiegedSec claimed responsibility for breaching the Heritage Foundation, a conservative think tank. The group released internal communications and documents, alleging the breach was in protest against the organization’s political activities.
The Heritage Foundation acknowledged the incident and stated that it is investigating the breach. (Wikipedia)
4. Liverpool Council Data Breach
In July 2024, Liverpool Council in Australia experienced a data breach after an external hard drive containing personal information of approximately 3,877 individuals went missing.
The data included phone numbers, addresses, and insurance claim details related to public liability and worker compensation. The council has notified affected individuals and is reviewing its data storage policies to prevent future incidents. (dailytelegraph)
5. Holt Group and Associated Businesses Breach
In July 2024, Holt Group, a machinery and construction company based in Texas, reported a data breach affecting 12,455 individuals. The compromised data included names, addresses, government-issued IDs, and financial information.
Additionally, four other San Antonio businesses reported breaches, collectively impacting 16,130 Texans. All affected companies have notified individuals and are cooperating with investigations. (San Antonio Express)
Data Breaches That Occurred in June 2024
1. Acadian Ambulance Service
Between June 19 and 21, 2024, Acadian Ambulance Service experienced a ransomware attack by the Daixin Team, compromising the protected health information of approximately 2.9 million individuals.
The stolen data included names, addresses, Social Security numbers, and medical information. The attackers demanded a $7 million ransom, while Acadian attempted to negotiate a lower amount. The breach was discovered on June 23, 2024. (HIPAA Journal)
2. Life360 and Tile Tracker
On June 12, 2024, Life360, the parent company of Tile tracker, suffered a data breach due to a vulnerability in its backend systems.
Hackers accessed a database containing names, addresses, phone numbers, and other personal data of millions of users. The breach raised concerns about the security of surveillance and tracking tools integrated with law enforcement. (Prey)
3. IntelBroker’s Cyberattacks
In June 2024, the hacking group IntelBroker claimed responsibility for multiple cyberattacks, including breaches of Apple and AMD.
They allegedly acquired internal Apple tools and source code, and breached AMD’s systems, exposing data on future products, employee information, and financial records. These breaches highlighted vulnerabilities in major tech companies’ cybersecurity measures. (Wikipedia)
4. Ukrainian Cyberattacks on Russian Infrastructure
In June 2024, Ukrainian cyber operatives conducted widespread attacks on various Russian government websites, including those of key ministries. The disruptions extended to civilian services, with local reports indicating several wedding cancellations due to system outages.
Additionally, on June 12, Ukrainian hackers targeted the online systems of multiple Russian airports, causing flight disruptions. (Wikipedia)
Data Breaches That Occurred in May 2024
1. Ticketmaster
In May 2024, Ticketmaster experienced a significant data breach when hackers accessed a Snowflake-hosted database. The breach exposed personal and financial data of approximately 560 million customers, including names, email addresses, phone numbers, ticket purchase histories, and partial payment information.
The hacker group ShinyHunters claimed responsibility and attempted to sell the 1.3TB dataset for $500,000. The breach was linked to compromised credentials from a third-party vendor, EPAM. (Tech.co)
2. Ascension Health Ransomware Attack
On May 8, 2024, Ascension Health, a major U.S. healthcare system, suffered a ransomware attack by the Black Basta group. As a result, clinical operations across 142 hospitals were disrupted, causing an electronic health record outage that lasted nearly four weeks.
The breach began when an employee inadvertently downloaded a malicious file, which in turn allowed the attackers to move laterally across the network. (HIPAA Journal)
3. London Drugs
In May 2024, Canadian retailer London Drugs was targeted by the LockBit ransomware group, leading to the temporary closure of all its stores nationwide.
LockBit demanded a $25 million ransom and later leaked stolen employee data when the company refused to pay. London Drugs confirmed that customer and primary employee data were not compromised. (Wikipedia)
4. UK Ministry of Defence Data Breach
In May 2024, a cyberattack on Shared Services Connected Ltd (SSCL), a contractor for the UK’s Ministry of Defence, exposed personal and banking details of up to 272,000 military personnel.
The breach, which is suspected to have been orchestrated by Chinese state actors, affected regular forces, reservists, and some veterans. In response, an investigation was launched to assess the impact and strengthen cybersecurity measures. (The Times)
5. MediSecure
In May 2024, Australian electronic prescription provider MediSecure suffered a large-scale ransomware attack. The breach compromised sensitive medical and personal information, prompting investigations by federal authorities.
The incident highlighted vulnerabilities in healthcare data systems and the need for robust cybersecurity protocols. (Wikipedia)
Data Breaches That Occurred in April 2024
1. Illinois Department of Human Services System Breach
In April 2024, the Illinois Department of Human Services (IDHS) confirmed a data breach affecting over 1 million individuals.
The breach resulted from a phishing campaign targeting IDHS employee accounts, leading to unauthorized access to personal information, including Social Security numbers, names, addresses, and public assistance account details.
Approximately 4,700 individuals had their Social Security numbers exposed. (Jacksonville Journal-Courier)
2. Pandabuy Data Breach
In April 2024, Pandabuy, a Chinese e-commerce platform, suffered a data breach compromising the personal information of approximately 1.3 million users. The breach included names, contact details, order information, and addresses.
The data was initially ransomed and later leaked online, leading to significant reputational damage for the company. (Wikipedia)
3. Healthcare Sector Breaches
In April 2024, the U.S. healthcare sector reported 54 data breaches, impacting over 15 million patients. The breaches affected health plans, healthcare providers, and business associates, exposing sensitive patient information such as names, addresses, Social Security numbers, and medical records.
The incidents were primarily due to unauthorized access and hacking activities. (Paubox)
Data Breaches That Occurred in March 2024
1. American Express System Breach
In early 2024, American Express notified customers of a data breach originating from a third-party merchant processor. The breach exposed cardholder names, account numbers, and expiration dates of over 50,000 customers.
American Express’s own systems were not compromised. The company assured affected customers of zero liability for fraudulent charges and advised them to monitor their accounts for suspicious activity. (Twingate)
2. International Monetary Fund (IMF) Data Breach
In February 2024, the IMF disclosed a cybersecurity incident involving the compromise of eleven staff email accounts. The unauthorized party behind the attack remained unidentified, and an internal investigation was launched to determine the motive.
While no wider computer network breach was found, the attack underscored the risks of credential theft even in highly secured environments.
The IMF responded by securing the accounts, enforcing multi-factor authentication, and boosting employee cyber awareness. This cyber incident joins the list of latest data breaches that show how a single point of failure can threaten sensitive data.
Institutions like the IMF, even without exposed personal information belonging to customers, must remain prepared against attempts by any unauthorized actor to exploit system weaknesses. (Reuters)
3. Fujitsu Data Breach
In March 2024, Japanese tech giant Fujitsu detected malware within its internal IT systems, indicating a data breach. The presence of malware raised concerns that customer information might have been accessed without authorization.
Fujitsu proactively isolated the affected systems and launched an investigation to assess the scope of any data exposure.
As of the initial report, there was no evidence yet of misuse of data, but Fujitsu notified potentially impacted clients as a precaution while enhancing its network security. (Bleeping Computer)
Data Breaches That Occurred in February 2024
1. Atlassian (GAO Contractor)
A data breach affecting ~6,600 people connected to the U.S. Government Accountability Office was traced to a vulnerability in Atlassian Confluence. Attackers exploited the flaw via GAO’s contractor, CGI Federal, which identified the issue and alerted the agency.
The breach of the Confluence collaboration tool allowed unauthorized access to personal data of GAO employees and contractors. GAO and CGI Federal applied patches and enhanced access controls to close the hole. (Cyberscoop)
2. PlayDapp
Blockchain gaming platform PlayDapp was rocked by a two-stage crypto heist in February, in which hackers minted 1.79 billion of its PLA tokens (worth ~$290 million) out of thin air.
First, a compromised private key let them create 200 million tokens; despite PlayDapp’s quick response, the attackers returned to mint another 1.59 billion tokens, vastly amplifying the losses.
The criminals cashed out a portion, causing financial damage to the platform’s economy. PlayDapp alerted its community, secured its token minting process, and worked to remediate the incident, highlighting the challenges of securing crypto platforms. (Elliptic)
3. U.S. State Government Agency
A U.S. state government agency fell victim to a multi-stage cyber intrusion enabled by leaked employee credentials. Hackers obtained a former employee’s administrator login (likely from a prior breach) and used it to access the agency’s VPN and internal network.
Once inside, they harvested additional passwords and escalated privileges, ultimately stealing sensitive host and user data which was later posted on a dark web marketplace.
The Cybersecurity and Infrastructure Security Agency (CISA) investigated the incident, and the affected state agency tightened access controls and credential management to prevent a recurrence. (The Hacker News)
4. UnitedHealth Group (Change Healthcare)
In late February, UnitedHealth Group’s technology unit, Change Healthcare, was hit by a devastating ransomware attack that exposed the private health information of over 100 million Americans. The BlackCat (ALPHV) ransomware gang perpetrated the attack, which stands as the largest healthcare data breach in U.S. history.
The hackers disrupted claims processing for months and stole extensive data including names, contact info, Social Security numbers, and medical records. UnitedHealth began notifying affected individuals over the summer and cooperated with government regulators on the response.
This breach’s massive scale has raised lasting concerns about healthcare cybersecurity. (techcrunch.com)
Data Breaches That Occurred in January 2024
1. Hathway Cable & Datacom Ltd Security Breach
In January 2024, Indian ISP Hathway was breached by a hacker known as “dawnofdevil,” exploiting a vulnerability in the Laravel framework. While the attacker claimed access to data of over 41 million customers, analyses suggest approximately 4 million unique records were affected.
Exposed data included names, email addresses, phone numbers, home addresses, Aadhaar card images, and other KYC details . Hathway has not publicly confirmed the breach. ( The Cyber Express)
2. Trello Information Breach
In January 2024, a threat actor named “emo” exploited an unauthenticated Trello API endpoint to associate email addresses with public Trello profiles.
Using a list of 500 million email addresses, they identified over 15 million users and compiled data including email addresses, names, usernames, and activity logs. The data was later offered for sale on a hacking forum.
Atlassian, Trello’s parent company, confirmed the misuse and subsequently required authentication for the API. (Aptori)
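Bulk matching of an email list against a lookup endpoint leaves a recognizable trace: one client, no authentication, and a large number of distinct addresses queried. The following added example (not Trello's or Atlassian's code) counts distinct email values per unauthenticated client in an access log; the endpoint path, log layout, addresses, and threshold are hypothetical and constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access log: client IP, auth state, HTTP status, request target.
SAMPLE_LOG = """\
198.51.100.10 auth=none 200 /api/profile-lookup?email=a%40example.com
198.51.100.10 auth=none 404 /api/profile-lookup?email=b%40example.com
198.51.100.10 auth=none 200 /api/profile-lookup?email=c%40example.com
198.51.100.10 auth=none 404 /api/profile-lookup?email=d%40example.com
198.51.100.10 auth=none 200 /api/profile-lookup?email=A%40example.com
203.0.113.5 auth=token 200 /api/profile-lookup?email=x%40example.com
203.0.113.5 auth=token 200 /api/profile-lookup?email=y%40example.com
203.0.113.8 auth=none 200 /api/profile-lookup?email=z%40example.com
203.0.113.8 auth=none 200 /api/profile-lookup?email=z%40example.com
203.0.113.8 auth=none 200 /api/boards/public
"""

def enumeration_suspects(log_text, endpoint="/api/profile-lookup", min_distinct=3):
    """Return unauthenticated clients that queried >= min_distinct addresses."""
    emails = defaultdict(set)  # client IP -> distinct addresses looked up
    stats = defaultdict(lambda: {"requests": 0, "matches": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the expected layout
        ip, auth, status, target = parts
        url = urlsplit(target)
        if url.path != endpoint or auth != "auth=none":
            continue  # only unauthenticated calls to the lookup endpoint
        for addr in parse_qs(url.query).get("email", []):
            emails[ip].add(addr.strip().lower())  # a@ and A@ are one address
        stats[ip]["requests"] += 1
        stats[ip]["matches"] += int(status == "200")  # lookup confirmed a profile
    return {ip: {"distinct_emails": len(emails[ip]), **stats[ip]}
            for ip in stats if len(emails[ip]) >= min_distinct}

if __name__ == "__main__":
    print(enumeration_suspects(SAMPLE_LOG))
```

The same per-client counter can drive a rate limit, although the fix the page reports, requiring authentication on the endpoint, removes the anonymous lookup entirely.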
3. Mercedes-Benz
In January 2024, Mercedes-Benz suffered a massive data breach due to human error. An employee exposed a GitHub token in a public repository, giving access to the company’s systems, including source code, cloud keys, and API credentials. The unauthorized party had access for nearly four months before discovery.
Mercedes-Benz revoked the token, removed the repository, and launched an internal investigation. The company said no personal information belonging to customers or banking information was compromised. However, the cybersecurity incident highlighted serious risks tied to unsecured development tools.
This cyber incident is part of the latest data breaches affecting major firms. It reinforces the need to secure GitLab repositories, monitor access across computer networks, and stay alert to threats from any unauthorized actor targeting sensitive data. (Polymer)
Data Breaches Table Overview (January 2024 – April 2025)
Date | Organization(s) | Records Affected | Data Exposed | Attack Method | Notes / Source |
Jan 2024 | Hathway Cable & Datacom Ltd | ~4M | Names, emails, phone #s, addresses, Aadhaar card images | Laravel framework vulnerability | Claimed by “dawnofdevil.” Company has not confirmed. (The Cyber Express) |
Jan 2024 | Trello | 15M+ (matched emails) | Email addresses, names, usernames, activity logs | Unauthenticated API endpoint | Attacker “emo” identified users from 500M emails. Atlassian required authentication for the API. (Aptori) |
Jan 2024 | Mercedes-Benz | Not disclosed (internal) | Source code, design docs, API credentials, cloud access keys | Accidental GitHub token exposure | Token remained public ~4 months. No customer data compromised. (Polymer) |
Feb 2024 | Atlassian (GAO Contractor) | ~6,600 (GAO-related) | Personal data of employees & contractors | Exploit in Confluence (CGI Federal) | GAO & CGI Federal patched the issue & tightened access. (Cyberscoop) |
Feb 2024 | PlayDapp | 1.79B minted tokens | Crypto tokens (PLA) artificially created | Compromised private key | ~$290M worth minted. Attack happened in two stages. (Elliptic) |
Feb 2024 | U.S. State Government Agency | Not specified | Internal host/user data | Credential theft & VPN access | Leaked admin credentials used. Data later posted on a dark web forum. (The Hacker News) |
Feb 2024 | UnitedHealth Group (Change Healthcare) | 100M+ | Names, contact info, SSNs, medical records | Ransomware (BlackCat/ALPHV) | Largest healthcare breach in U.S. history. Disrupted claims for months. (techcrunch.com) |
Mar 2024 | American Express | 50,000+ | Cardholder names, account #s, expiration dates | Breach via third-party merchant processor | Amex systems unaffected. Customers have zero fraud liability. (Twingate) |
Mar 2024 | International Monetary Fund (IMF) | 11 staff email accounts | Possible staff emails and attachments | Unknown (likely phishing or cred theft) | No broader network breach found. IMF enforced stronger MFA. (Reuters) |
Mar 2024 | Fujitsu | Not disclosed | Potential customer info | Malware detected in internal IT systems | Systems isolated, impacted clients notified. (Bleeping Computer) |
Apr 2024 | AT&T | 100M+ | Phone records (numbers, call frequency, durations, cell sites) | External cloud breach (Snowflake) | Data exfiltrated May–Oct 2022. (Wikipedia) |
Apr 2024 | Illinois Dept. of Human Services (IDHS) | 1M+ | SSNs, names, addresses, public assistance details | Phishing attack on employee accounts | ~4,700 SSNs exposed. (Jacksonville Journal-Courier) |
Apr 2024 | Pandabuy | ~1.3M | Names, contact details, order info, addresses | Ransom & subsequent public leak | Data posted online after ransom demand. (Wikipedia) |
Apr 2024 | Healthcare Sector (U.S.) | 15M+ | Names, addresses, SSNs, medical records | Multiple unauthorized access/hacks | 54 reported breaches in one month. (Paubox) |
May 2024 | Ticketmaster | 560M | Names, emails, phone #s, ticket histories, partial payment info | Breach of Snowflake-hosted database | ShinyHunters group. 1.3TB dataset. (Tech.co) |
May 2024 | Ascension Health | 142 hospitals impacted | EHR data: patient records, clinical operations info | Ransomware (Black Basta) | 4-week outage. Entry via malicious file download. (HIPAA Journal) |
May 2024 | London Drugs | Not disclosed | Possibly employee data | Ransomware (LockBit) | Temporarily closed all stores. Employee data leaked. (Wikipedia) |
May 2024 | UK Ministry of Defence (via SSCL contractor) | Up to 272,000 personnel | Personal and banking details | Suspected Chinese state actors | Affected regular forces, reservists, some veterans. (The Times) |
May 2024 | MediSecure | Not disclosed | Sensitive medical & personal data | Ransomware | Australian provider. Federal investigation launched. (Wikipedia) |
Jun 2024 | Acadian Ambulance Service | ~2.9M | Names, addresses, SSNs, medical data | Ransomware (Daixin Team) | Attackers demanded $7M. Detected June 23. (HIPAA Journal) |
Jun 2024 | Life360 & Tile | Millions | Names, addresses, phone #s, personal data | Backend vulnerability | Raised concerns about tracking & law enforcement usage. (Prey) |
Jun 2024 | IntelBroker (Apple & AMD breaches) | Not disclosed | Internal Apple tools/code, AMD product data, employee info | Hacking group infiltration | Exposed future product data & financial info. (Wikipedia) |
Jun 2024 | Ukrainian Cyberattacks on Russian infra | Not disclosed | Government & civilian services disrupted | Coordinated cyber operations | Targeted websites, airports. Several flight disruptions, wedding cancellations. (Wikipedia) |
Jul 2024 | AT&T (via Snowflake) | Nearly all wireless customers | Call & text metadata (numbers, timestamps) | Third-party cloud vulnerability | No call/text content or SSNs stolen. (New York Post) |
Jul 2024 | Comcast (via FBCS) | 230,000+ | Names, addresses, SSNs, birthdates | Ransomware on debt collection agency | FBCS breach. Comcast offering ID theft protection. (The Verge) |
Jul 2024 | Heritage Foundation | Not disclosed | Internal communications & documents | Hacker group SiegedSec | Hackers protested org’s political stance. (Wikipedia) |
Jul 2024 | Liverpool Council (Australia) | ~3,877 | Phone #s, addresses, insurance claim details | Lost/missing external hard drive | Affected liability & worker compensation data. (dailytelegraph) |
Jul 2024 | Holt Group & 4 other San Antonio businesses | 12,455+ (Holt alone) | Names, addresses, IDs, financial info | Cyberattack(s) | 16,130 Texans impacted across all 5 breaches. (San Antonio Express) |
Aug 2024 | Kadokawa & Niconico | ~254,241 | Personal & corporate info | Ransomware (BlackSuit) | Russian-linked group. Services disrupted ~2 months. (Wikipedia) |
Aug 2024 | U.S. Healthcare Sector (multiple) | 92 new breaches | Names, SSNs, medical records | Various unauthorized access | ~5.98M individuals affected overall. (IT Governance USA) |
Sep 2024 | Infosys McCamish Systems | ~6.5M | Not specified (likely personal & business data) | Delayed discovery of infiltration | Attackers active late 2023, found in Sep 2024. (NordLayer) |
Sep 2024 | Texas Tech Health Sciences Center | ~1.4M | Names, SSNs, addresses, IDs, financial & medical data | Hacking | Reported to HHS. (San Antonio Express-News) |
Sep 2024 | Medicare MOVEit | 3.1M | Sensitive healthcare data | Unauthorized system access (MOVEit) | Highlighted data transfer vulnerabilities. (SOCRadar) |
Sep 2024 | Internet Archive | 31M | Emails, usernames, bcrypt password hashes, other data | JavaScript injection & DDoS attacks | Verified by Troy Hunt. Another incident repeated in Oct. (WIRED) |
Oct 2024 | Internet Archive | 31M | Emails, usernames, bcrypt password hashes | Malicious JS injection | Disabled compromised script, system scrubbed. (The Verge) |
Oct 2024 | Salt Typhoon espionage campaign | 9 U.S. telcos (Verizon, AT&T, T-Mobile) | Metadata of calls, texts, some audio | State-sponsored infiltration | Ongoing 1–2 years. Targeted govt officials & IP. (Wikipedia) |
Oct 2024 | Game Freak (Pokémon developer) | ~2,600 items | Employee names, emails, some source code, project details | Unauthorized server access | Past project code & partial future plans leaked. (The Verge, Wikipedia) |
Oct 2024 | Dutch National Police | ~63,000 staff | Names, email addresses, phone #s | Suspected state-sponsored actor | Discovered in late Sep. (Wikipedia) |
Nov 2024 | Finastra | 400 GB stolen data | Sensitive info from major financial institutions | Breach of secure file-transfer platform | Affects ~8,100 companies, 45/50 top banks. (WSJ) |
Nov 2024 | Hot Topic & BoxLunch | ~57M customer records | Names, emails, addresses, phone #s, purchase history | Hacker “Satanic” posted 730 GB for sale | Partial credit card data included. (Electronic Frontier Foundation) |
Nov 2024 | Krispy Kreme | Not disclosed | IT systems disruption | Cyberattack (unknown type) | Online ordering disrupted. Extent under investigation. (MarketWatch) |
Nov 2024 | Starbucks | Not disclosed | Potentially employee data, internal docs | Ransomware via third-party supplier | Systems secured, investigation ongoing. (Strobes.co) |
Dec 2024 | U.S. Dept. of the Treasury | Not disclosed | Unclassified docs, workstation access | Exploit in BeyondTrust service | Attributed to China state-sponsored actor. Affected multiple Treasury offices. (TechTarget) |
Dec 2024 | National Public Data (NPD) | 2.9B | Full names, addresses, SSNs, DOB, phone #s | Ongoing breach (Apr–Dec 2024) | Company filed Chapter 11 in Oct 2024. (Wikipedia) |
Dec 2024 | Randolph-Brooks Federal Credit Union (RBFCU) | 4,600+ | Names, account #s, credit/debit card info | Physical ATM compromise | ATM physically tampered. (San Antonio Express News) |
Dec 2024 | Chrome Browser Extensions (multiple) | Not disclosed | Browser cookies, authentication sessions | Malicious code inserted into Chrome extensions | Targeted social media ads & AI platforms. (The Verge) |
Dec 2024 | Stan Cash (Australia) | Not disclosed | Customer payment details, addresses | Security breach (undisclosed method) | Fraudulent charges, discovered after a year. (News) |
Jan 2025 | Community Health Center (CHC) | 1M+ | Names, SSNs, health insurance details | Skilled hacker infiltration | Multiple states affected, offering ID theft protection. (HIPAA Journal) |
Jan 2025 | TalkTalk (UK) | 18.8M (claimed) | Names, emails, IP addresses, phone #s | Third-party supplier breach | Hacker “b0nd” selling data. (The Scottish Sun) |
Jan 2025 | Gravy Analytics | Not disclosed | Precise location data | Unauthorized access to AWS | Sample found on Russian forum. (The Verge) |
Jan 2025 | Hillcrest Convalescent Center | ~106,194 | Names, SSNs, medical records, treatment details | Cyberattack (unspecified) | Data stolen raised questions about patient security. (Tech.co) |
Feb 2025 | Genea Fertility Clinic (Australia) | ~940.7GB data exfiltrated | Personal contact info, Medicare #s, med histories, test results | Ransomware (Termite group) | Court injunction to block data dissemination. (The Guardian) |
Feb 2025 | Mars Hydro | 2.7B records | Wi-Fi passwords, IP addresses, emails | Significant breach (IoT vulnerability) | Showed risks in connected devices. (Infosecurity Magazine) |
Feb 2025 | Zapier | Not disclosed | Customer data in code repositories | Unauthorized access due to 2FA misconfiguration | Repos secured, auditing processes. (The Verge) |
Feb 2025 | Western Sydney University | ~10,000 | Demographic, enrollment, academic info | Single sign-on compromise + dark web posting | Access occurred Aug–Oct 2024. Security experts engaged. (The Australian) |
Mar 2025 | Oracle Cloud | 6M records | Java KeyStore files, encrypted SSO passwords, key files | Threat actor “rose87168” exfiltration | Affecting ~140,000 tenants. (Strobes) |
Mar 2025 | Bank Sepah (Iran) | 42M (claimed) | Account #s, passwords, phone #s, addresses, transaction histories | Hacker group “Codebreakers” | Affected military/govt sectors. Initially denied by the bank. (Wikipedia) |
Mar 2025 | Pennsylvania State Education Assoc. (PSEA) | 500,000+ | Highly sensitive personal data | Ransomware (Rhysida group) | Exposed vulnerabilities in educational orgs. (PKWARE) |
Mar 2025 | Australian Superannuation Funds | Thousands of accounts | Passwords, some personal/financial data | Credential stuffing | 4 AustralianSuper customers lost $500k. (ABC) |
Mar 2025 | NSW Dept. of Communities & Justice (Australia) | 9,000+ docs accessed | AVOs & sensitive court documents | Unknown hack of secure online registry | Concern over domestic violence survivor data. (Authorities investigating) |
Apr 2025 | DBS Group & Bank of China (Singapore) | 8,200 (DBS) + 3,000 (BoC) | Names, addresses, loan account #s | Ransomware on 3rd party vendor Toppan Next Tech | Trading statements & loan data. Core systems intact. (Reuters) |
Apr 2025 | NationsBenefits Holdings | 3M+ | Protected health information (PHI) | Clop ransomware, Fortra GoAnywhere exploit | HIPAA business associate breach. (HIPAA Journal) |
Apr 2025 | Evide (Northern Ireland) | Data from ~140 orgs | Phone #s, emails, personal data | Ransomware | Affected charities supporting abuse survivors. (Wikipedia) |
Apr 2025 | Consumer Financial Protection Bureau (CFPB) | ~256,000 consumers | Personally identifiable info (PII) of consumers | Insider breach (ex-employee emailed data) | Also affected 45 financial institutions. Disclosed Apr 24. (Wikipedia) |
Apr 2025 | 23andMe | ~7M users | Health reports, genetic data | Hacker access from Apr–Sep 2023 | Targeted Chinese & Ashkenazi Jewish ancestry. $30M settlement. (Reuters) |
FAQs
Yes. In November 2023, a ransomware attack on a third-party vendor exposed data of over 57,000 customers. In December 2023, mishandling of documents by another vendor put more data at risk.
(Source: StrongDM, Washington Times)
Yahoo. In 2013, hackers stole data from 3 billion accounts.
(Source: Wikipedia)
Sony PlayStation Network in 2011. Hackers stole personal data from 77 million users.
(Source: Wikipedia)
Yes. In June 2024, hackers accessed internal Apple tools. In February 2025, a passcode bypass flaw exposed iPhones to attacks.
(Sources: Forbes, New York Post)