January 2025 Data Breaches [LIST]

February 3, 2025

According to the 2024 Annual Data Breach Report by the Identity Theft Resource Center, there were more than 1.7 million victim notices, “a measure of the scale of events and impacts on individuals,” last year, a number that was triple that of 2023. With 3,158 total compromises recorded in 2024, it’s no surprise that this past January 2025 was also full of data breaches.

Compiled on February 3, the following list is composed of data breach headlines that were published during the month of January, even if the breaches themselves did not occur then. Source articles have been organized by industry (finance, government, healthcare, hospitality, infrastructure, legal, retail, and tech) in reverse chronological order.

Security Breaches Reported in January 2025

Finance

1/31/2025

850,000 people exposed in massive insurance data breach — full names, dates of birth and SSNs | Tom’s Guide

As reported by BleepingComputer, Globe Life is now saying that an additional 850,000 people may be affected by the June breach. Back in June of 2024, the insurance company Globe Life suffered a data breach that allegedly accessed policyholder data. The company initiated an investigation that revealed some information back in October of last year which claimed that at least 5,000 people were potentially affected. The October release revealed that a small-scale breach was discovered in a subsidiary company, American Income Life Insurance Company.

1/27/2025

Hackers steal $85 million worth of cryptocurrency from Phemex | Bleeping Computer 

The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency. "On January 23, 2025, at 11:30 UTC, we detected unusual activity in our hot wallet," reads the announcement on Phemex's website. Phemex CEO Variola mentioned on X that the threat actor and the attack were "sophisticated" but omitted any specifics that could provide pointers for attribution.

1/25/2025

NoOnes Suffers Major Security Breach Resulting In $8 Million Loss | Binance 

On January 26, the peer-to-peer cryptocurrency trading platform NoOnes disclosed a significant security breach earlier this month, resulting in the loss of approximately $8 million in crypto assets. The incident was confirmed by CEO Ray Youssef after blockchain investigator ZachXBT revealed the hack on his Telegram channel. Youssef, who previously served as CEO of rival peer-to-peer crypto platform Paxful, explained that the breach occurred on January 1 due to an exploitation of their Solana bridge. In response, NoOnes promptly disabled the compromised bridge.

1/25/2025

PayPal to pay $2 million settlement over 2022 data breach | Bleeping Computer 

New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. The Department of Financial Services (DFS) action says that threat actors took advantage of security gaps in PayPal's systems to conduct credential stuffing attacks that provided access to sensitive customer information. In 2023, PayPal disclosed that threat actors conducted a large-scale credential stuffing attack between December 6th and December 8th, 2022, where 35,000 accounts were breached.

Government

1/23/2025

Conduent Confirms Cyberattack After Government Agencies Report Outages | SecurityWeek 

The Wisconsin Department of Children and Families revealed that organizations in four states had been impacted by a “global network issue” at Conduent, noting that the vendor had been working on “rebuilding” its server. The Department of Children and Families in Wisconsin said on January 18 that the incident impacted payments. While the little information that is available suggests that Conduent may have been targeted in a ransomware attack, no known ransomware group had taken credit for the attack at the time of writing.

1/20/2025

Breach exposes FBI data links | Digital Watch Observatory 

A major data breach involving telecom provider AT&T has compromised sensitive information about FBI agents’ call and text logs. The incident, which occurred last year, exposed phone numbers and contact details, though not the content of communications. FBI officials warn that the breach may risk revealing the identities of confidential informants. AT&T reported in July that hackers had stolen records linked to 109 million customer accounts. 

1/18/2025

Valley residents who receive public assistance warned of HHS data breach | KRGV 

The Texas Health and Human Services Commission says at least 61,000 food stamp recipients may have had their personal information improperly accessed by state employees. The state says money from accounts may have been stolen.

1/13/2025

UN aviation agency confirms nearly 12,000 affected by data breach | Tech Monitor 

The International Civil Aviation Organization (ICAO), a specialised agency of the United Nations, has confirmed that a data breach has affected nearly 12,000 individuals. The breach, involving the unauthorised release of recruitment-related data, was first reported last week and is currently under investigation by the agency. ICAO, which operates with 193 member countries, disclosed that the breach relates to the release of approximately 42,000 recruitment records spanning from April 2016 to July 2024. After conducting an internal review, the organisation confirmed that 11,929 individuals were impacted by the unauthorised data exposure.

1/7/2025

CISA: Third-Party Data Breach Limited to Treasury | Dark Reading

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the third-party breach that affected the US Treasury Department at the hands of Chinese threat actors was limited to just that agency. The department alerted lawmakers on Dec. 30 to the intrusion, noting that cyber threat actors were able to compromise systems and steal data from workstations. The breach was carried out by exploiting CVE-2024-12356 in software from the cybersecurity company BeyondTrust.

1/2/2025

Ransomware gang leaks data stolen in Rhode Island's RIBridges Breach | BleepingComputer

The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. Rhode Island first learned that RIBridges was the target of an attack on December 5 after being notified by its vendor, Deloitte. However, it wasn't until December 10 that it was confirmed that threat actors gained access to the system and likely stole data. It is believed that approximately 650,000 people were impacted by the breach and may have had their names, addresses, dates of birth, Social Security numbers, and certain banking information exposed in the attack.

Healthcare

2/1/2025

1,000,000 Patients Exposed In Healthcare Provider Data Breach | Forbes 

On Jan. 30, Community Health Center, Inc. revealed that a data breach incident exposed the sensitive personal and health information of over one million individuals. CHC, a leading organization providing primary healthcare services in the United States, experienced a cybersecurity breach on Jan. 2, 2025. According to an official notification to affected individuals, the breach involved unauthorized access to CHC's systems by a criminal hacker. 

1/29/2025

70K nursing home patients have personal data stolen in breach | McKnights

Approximately 70,000 HCF Management patients from facilities across the chain’s network of SNFs had their data obtained by RansomHub, a ransomware organization. And according to Bank Info Security, 250 gigabytes of this information was placed onto the group’s dark web website. One of the chain’s nursing homes said on Jan. 9 that its management company’s system was attacked, and it had spent months examining the possible damage.

1/27/2025

Change Healthcare data breach victim count rises to 190M | TechTarget 

The Change Healthcare data breach victim count has risen to 190 million, UnitedHealth Group stated. The updated figure is nearly double the breach tally reported to regulators in July 2024. As previously reported, Change Healthcare suffered a cyberattack in February 2024 that led to widespread disruptions across the U.S. healthcare system. BlackCat/ALPHV ransomware actors claimed responsibility for the cyberattack, in which they reportedly exfiltrated six terabytes of data. UnitedHealth Group later confirmed that it paid a $22 million ransom in an effort to recover system access.

1/21/2025

Data breach hits home care patients at Allegheny Health Network | Pittsburgh Post-Gazette 

AHN on Friday notified the Massachusetts attorney general that a health system vendor, IntraSystems LLC, found that a third party had been able to access some patients’ personal information, including names, birthdates, addresses, Social Security numbers, financial account numbers and health insurance, between Oct. 11 and Nov. 19. After investigating the incident, AHN began sending data breach notification letters Friday to some 293,900 home medical equipment and home infusion patients.

1/21/2025

Blood Donation Service Confirms July 2024 Ransomware Attack Resulted in Personal Data Breach | CPO Magazine

American blood donation service OneBlood has confirmed that the July 2024 ransomware attack resulted in a personal data breach. On July 29, 2024, OneBlood said it shut down some IT systems, reducing its capacity to collect, test, process, and distribute blood in Florida, Georgia, and the Carolinas after experiencing a cybersecurity incident.

1/15/2025

IU Health says security breach compromised medical records, addresses | The Herald-Times 

A security breach at Indiana University Health in November may have compromised the medical records, addresses, and Social Security numbers of several individuals, the hospital announced last week. IU Health said the hospital learned on Nov. 8 that an “unauthorized user” had access to a team member’s email account between Aug. 27 and Oct. 2.

1/7/2025

Richmond University Medical Center data breach affects 674,000 | Healthcare Finance News

Richmond University Medical Center in New York has experienced a data breach that has potentially exposed the protected health information of more than 674,000 people in and around Staten Island, the facility said. The initial forensic investigation determined Richmond's electronic health records system was not affected by the incident. But the investigation also determined that certain other files may have been accessed or removed from the network on or around May 6, 2023.

1/6/2025

Tampa General Hospital Settles Data Breach Lawsuit for $6.8M | The HIPAA Journal 

Tampa General Hospital has agreed to pay $6,800,000 to resolve a class action lawsuit related to a 2023 cyberattack that involved unauthorized access to systems containing the protected health information of more than 2 million patients. The intrusion was detected on May 31, 2023, and the forensic investigation confirmed that hackers had access to its network for almost three weeks between May 12 and May 30, 2023. The breach report was then amended to state that up to 2,430,920 individuals had been affected.

1/3/2025

Colorado Fertility Center Ransomware Attack Affects 80,000 Patients | The HIPAA Journal

Conceptions Reproductive Associates Inc. didn’t implement adequate security measures to prevent the data breach and violated the Health Insurance Portability and Accountability Act by taking six months to notify patients that their information was compromised, according to the complaint filed Thursday in the US District Court for the District of Colorado.

1/3/2025

New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 | SecurityWeek 

Richmond University Medical Center has been investigating a ransomware attack since May 2023 and it recently determined that it affects 670,000 people. The healthcare facility, which serves residents in Staten Island, New York, suffered significant disruptions in May 2023 after being targeted in a ransomware attack. It took the organization several weeks to restore impacted services.

Hospitality

1/29/2025

MGM will pay $45 million to settle data breach lawsuit | The Verge 

MGM Resorts International has agreed to pay $45 million to settle a lawsuit over data breaches that collectively exposed the personal information of 37 million customers. The case consolidated 22 class-action lawsuits filed over two security incidents: a data breach in 2019, and a ransomware attack in 2023.

1/20/2025

Millions of hotel guest reservations leaked in Otelier data breach | TechRadar 

Malicious actors used an infostealer to grab Atlassian login credentials from an Otelier employee. This access was then used to scrape tickets and other data, allowing them to obtain the credentials for S3 buckets, from where the attackers then exfiltrated 7.8TB of data. High-profile hotel chains, including Marriott, Wyndham, and Hilton, have had sensitive customer data exposed. Hundreds of thousands of email addresses were said to have been exposed.

Infrastructure

1/31/2025

PowerSchool data breach endangers the personal information of millions of students | Security Info Watch

The PowerSchool Student Information System (SIS), student information software used by over 16,000 K-12 schools, recently disclosed a major cybersecurity incident that compromised vast amounts of personal data belonging to millions of teachers, students, and graduates across the United States and Canada. On December 28, 2024, threat actors exfiltrated personal information from PowerSchool SIS environments using PowerSource, the software's customer support portal. NBC reports that the breach was achieved with a single compromised employee password. Bleeping Computer's coverage of the incident reports that the number of affected students, as claimed by the hacker, is as high as 62 million.

1/25/2025

TalkTalk investigates breach after data for sale on hacking forum | Bleeping Computer 

UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. "Our investigations are ongoing, however we can confirm that the number of potential customers referred to in certain online posts is wholly inaccurate and very significantly overstated." The threat actor had claimed: “this breach took place January 2025 and affects 18,839,551 current and previous customers.”

1/13/2025

Hackers Breach Telefónica's Network, Leak 2.3 GB of Data Online | Hackread 

Telefónica, a Spanish multinational telecommunications company that operates in twelve countries with over 104,000 employees, confirmed a data breach of its internal ticketing system. The confirmation came after stolen data appeared on Breach Forums, a cybercrime and hacking forum. Hackers used compromised employee credentials to access and scrape 2.3 GB of internal data.

Legal

1/30/2025

152,000 Impacted by Data Breach at Berman & Rabin | SecurityWeek 

Law firm Berman & Rabin is notifying roughly 152,000 individuals that their personal information was compromised in a July 2024 ransomware attack. The law firm determined that the threat actor behind the attack had access to its network between July 5 and July 8, and that they accessed certain systems and exfiltrated data from them.

1/17/2025

Wolf Haldenstein Data Breach Impacts 3.4 Million People | SecurityWeek 

Law firm Wolf Haldenstein Adler Freeman & Herz LLP says more than 3.4 million people were impacted by a December 2023 data breach. Wolf Haldenstein did not reveal the type of cyberattack it fell victim to, whether any threat actor attempted to extort it, and who the compromised information belongs to.

Retail

1/20/2025

Harry Potter publisher breached, millions of records lifted | The Register

Scholastic, publisher of children's book series like The Magic School Bus and Goosebumps, was added to the Have I Been Pwned database last week. A hacker stole login credentials from a Scholastic employee whose system was infected with malware and exfiltrated about eight million items of data. The data Parasocial stole contained 4,247,768 unique email addresses and a mix of names, phone numbers and home addresses for US-based customers. The hacker has no plans to make the data public, claiming to have breached the database out of boredom.

1/8/2024

Thousands Impacted by Casio Data Breach | SecurityWeek 

Japanese electronics giant Casio has completed its investigation into the data breach caused by a recent ransomware attack and found that thousands of individuals are impacted. The company revealed in early October 2024 that some systems had failed and some services had been disrupted as a result of unauthorized access to its network. Nearly 6,500 employees from Japan and other countries are impacted. Casio said roughly 1,900 business partners are impacted.

1/2/2024

Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked | Cybersecurity News

Volkswagen has inadvertently exposed the personal information of 800,000 electric vehicle owners, including their location data and contact details. The breach, which occurred due to a misconfiguration in the systems of Cariad, VW’s software subsidiary, left sensitive data stored on Amazon Cloud publicly accessible for months. The breach was discovered by the Chaos Computer Club (CCC), a German hacker group known for its ethical hacking practices. The CCC promptly informed Volkswagen of the vulnerability, allowing the company to address the issue before it could be exploited maliciously.

Tech

2/1/2025

DeepSeek Data Leak Exposes 1,000,000 Sensitive Records | Forbes 

On Jan. 29, cybersecurity researchers at Wiz Research revealed that DeepSeek, a Chinese AI-driven data analytics firm, had suffered a significant data leak, exposing over one million sensitive records. According to Wiz Research, the database contained sensitive information such as chat logs, system details, operational metadata, API secrets and sensitive log streams and was publicly accessible to anyone with an internet connection, raising significant concerns about DeepSeek's data management practices and compliance with privacy laws. Wiz Research found that the leak was caused by a misconfigured cloud storage instance that lacked proper access controls. This type of oversight is a common vulnerability in cloud-based systems. 

1/30/2025

UK domain registry Nominet confirms breach via Ivanti zero-day | Bleeping Computer

Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached earlier in January using an Ivanti VPN zero-day vulnerability. "The entry point was through third-party VPN software supplied by Ivanti that enables our people to access systems remotely," Nominet says in a customer notice shared with BleepingComputer.

1/28/2025

Engineering giant Smiths Group discloses security breach | Bleeping Computer 

London-based engineering giant Smiths Group disclosed a security breach after unknown attackers gained access to the company's systems. Smiths is a British multinational listed on the London Stock Exchange that provides products to customers in the energy, safety, security, aerospace, and defense markets. The engineering company has yet to share when the breach was detected and if any business or customer data was stolen during the incident.

1/21/2025

HPE investigating security breach after hacker claims theft of sensitive data | TechCrunch

Hewlett Packard Enterprise is investigating a data breach after a well-known hacker claimed to have stolen sensitive information from the company. The hacker, who uses the alias “IntelBroker,” claims to have stolen a trove of data from HPE, the enterprise IT division of hardware giant HP. In a statement to TechCrunch, HPE spokesperson Laura von Pentz said, “HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE.”

1/9/2025

A breach of Gravy Analytics’ huge trove of location data threatens the privacy of millions | TechCrunch

In its data breach notice filed with Norway, Unacast said it identified on January 4 that a hacker acquired files from its Amazon cloud environment through a “misappropriated key.” Unacast said it was made aware of the breach through communication with the hacker, but the company gave no further details. The full scale of the data breach isn’t yet known, but the alleged hacker has already published a large sample of location data from top consumer phone apps — including fitness and health, dating, and transit apps, as well as popular games. 

Access Control Matters

The 2024 Annual Data Breach Report and this January 2025 Data Breach Headline compilation are a reminder that most breaches are preventable. Many breaches (including four of the five largest breaches of 2024) involve compromised credentials, and most breaches could have been prevented if protection had been implemented properly.

This ongoing pattern highlights a fundamental truth: security measures must evolve faster than the threats they aim to prevent. The shift toward proactive security—enforcing strict access controls, implementing least-privilege policies, and adopting zero-trust principles—is no longer just a best practice; it’s a necessity. With identity-based attacks on the rise, ensuring that only the right people have access to the right resources at the right time is critical to minimizing risk. The best time to secure a system isn’t after a breach—it’s before one happens.

Built upon the principle of continuous verification, Pomerium is a zero-trust reverse proxy that empowers organizations to modernize their security posture. With the ability to authenticate, authorize, monitor, and secure user access to any application without a VPN, Pomerium helps companies stay ahead of such threats and protect their critical resources. 
