Biggest Data Breaches of 2025 to Date
If the first few months of this year are anything to go by, 2025 is shaping up to be an unprecedented year for data breaches.
Here is a look at the biggest data breaches of 2025 to date:
PowerSchool breach
PowerSchool, a leading K-12 edtech provider, suffered one of the largest student data breaches in history. Reports claim that the breach affected more than 62 million students and 9.5 million teachers in the United States. The company’s long-awaited CrowdStrike investigation revealed that its massive December 2024 data breach was preceded by earlier hacks in August and September. PowerSchool initially disclosed that hackers accessed its PowerSource customer support portal, using a remote maintenance tool to steal sensitive data, including names, addresses, SSNs, medical records, and grades.
Musk’s DOGE
Elon Musk’s Department of Government Efficiency (DOGE) seized access to critical federal data systems, exposing the personal information of millions of Americans.More than 100 current and former federal officials have also sued Musk’s DOGE agency for accessing the sensitive personnel records of Americans without proper authorization.
Community Health Center Hack
In January, Connecticut-based nonprofit Community Health Center (CHC) confirmed a hacker stole over a million patient records, including addresses, phone numbers, diagnoses, treatment details, Social Security numbers, and insurance information.
Stalkerware Apps Leak Millions of Users’ Data
A security researcher found that stalkerware apps Cocospy, Spyic, and Spyzie exposed millions of users’ personal data—messages, photos, and call logs—due to a security flaw. The bug also leaked 3.2 million email addresses of customers who signed up for these apps.
DISA Employee Screening Breach
Texas-based DISA, which provides background checks and drug testing services, disclosed a breach affecting over 3.3 million people who had undergone employee screening tests. The April 2024 attack exposed Social Security numbers, financial data, and government-issued IDs. The hacker remained undetected for over two months before being discovered.
With 2024’s breaches exceeding 1 billion records, 2025 is shaping up to be even worse.
