We are only a few months into 2025, but this year we have already seen several data breaches affecting the personal information of millions of individuals, from student records to phone data and sensitive health information.
Last year, in 2024, more than a billion records were stolen. If the first two months of this year are anything to go by, 2025 looks like an unprecedented year for data breaches.
PowerSchool breach could affect tens of millions of students and teachers
The breach at ed-tech giant PowerSchool is one of the biggest breaches of student data in recent history. Although the number of stolen records is still unknown (PowerSchool has repeatedly refused to disclose this figure), the breach is reported to have affected more than 62 million students and 9.5 million teachers in the United States.
PowerSchool, which provides K-12 software to more than 18,000 schools across North America, first disclosed the data breach in January. At the time, PowerSchool said that unnamed hackers used a single compromised credential to access its customer support portal, which allowed access to the rich data in the school information system.
Hackers accessed sensitive personal information, including student grades, medical information, and Social Security numbers. Several schools affected by the breach told TechCrunch that other highly sensitive student data was also accessed, including information about restraining orders.
PowerSchool has not confirmed or denied the reported figure of 62 million, but various filings have confirmed that millions of people have been affected by the breach. A filing with the Texas Attorney General revealed that data belonging to approximately 800,000 state residents had been stolen, and the Rochester City School District confirmed that 134,000 students were affected.
PowerSchool recently confirmed to TechCrunch that data on around 16,000 people in the UK was also stolen in the breach.
Musk's DOGE access represents a major compromise of US federal government data
The first few weeks of the Trump administration saw a different type of breach, one that could go down in history as the biggest compromise of US government data.
Individuals working for Elon Musk at the Trump administration's so-called Department of Government Efficiency, or DOGE, took over top federal departments and datasets to access huge amounts of sensitive federal data. DOGE, which is staffed primarily by private-sector employees of Musk's own companies, was responsible for seizing widespread access to the U.S. government's critical payment system, which holds the personal information of millions of Americans and pays out trillions of dollars each year.
Since then, a coalition of more than a dozen US states has filed a lawsuit to block Musk's cost-cutting team from accessing government systems that contain personal data. More than 100 current and former federal officials are suing Musk's DOGE for accessing sensitive American personnel records without proper permission.
Connecticut-based nonprofit health provider Community Health Center said in January that hackers had accessed sensitive data of more than 1 million patients.
CHC, which provides services including school-based healthcare and substance abuse programs, said on January 2 that an unnamed hacker breached the network and stole patients' personal data and sensitive health information. This data includes patient addresses, phone numbers, diagnoses, treatment details, test results, Social Security numbers and health insurance information.
Stalkerware apps Cocospy, Spyic, and Spyzie expose phone data of millions of people
A trio of stalkerware apps inadvertently exposed the personal data of millions of people who had the apps planted on their devices, security researchers told TechCrunch in February.
All three apps, Cocospy, Spyic, and Spyzie, share the same security vulnerability, which allows anyone to access personal data, such as messages, photos, and call logs, from any device on which the apps are installed.
The easy-to-exploit bug also exposes the email addresses of people who signed up for the stalkerware apps. This allowed security researchers to collect around 3.2 million email addresses of Cocospy, Spyic and Spyzie customers.
US employee screening service DISA confirms breach affecting more than 3 million people
DISA, a Texas-based provider of employee screening services that include drug and alcohol testing and background checks, confirmed in February a massive data breach that occurred almost a year earlier, in April 2024.
In a filing with Maine's attorney general, DISA said the breach affected more than 3.3 million people who took an employee screening test. The company said its internal investigation “cannot clearly conclude” which specific data was stolen, but another filing in Massachusetts confirms that Social Security numbers, financial information and government-issued identity documents are among the stolen data.
DISA attributed the breach to unidentified hackers who had access to parts of the company's network for more than two months before the intrusion was detected.