We are only a few months by 2025, but this year it has already seen several data violations that affect the personal information of millions of people, including everyone, from students’ files to telephone data to sensitive health information.
Last year, in 2024, he saw more than 1 billion records stolen. If the first two months of this year are something they have to go through, 2025 seems to be an unprecedented year for data violations.
Powerschool violation probably affects tens of millions of students and teachers
The violation of Edtech Giant Powerschool is one of the biggest databases of students in recent history. While we do not know exactly how many files had been stolen (Powerschool repeatedly refused to disclose this percentage), reports claim that the violation affected more than 62 million students and 9.5 million teachers in the United States.
Powerschool, which provides K-12 software to more than 18,000 schools across North America, first revealed the data breach in January. At that time, Powerschool said the anonymous hackers used a single compromised certificate to enter the customer support gate, providing access to the wealth of data in the school information system, Powerschool SIS, which schools use to manage student files.
Hackers have access to sensitive personal information, including students’ grades, medical information and social security numbers. Many schools influenced by violation have told TechCrunch that other highly sensitive information, including extremely sensitive student data, including information about restriction orders, had access.
Powerschool has not confirmed or denied the reported 62 million, but various deposits have confirmed that millions of people were influenced by violation. A deposition with the Texas Attorney General revealed that about 800,000 states had closed their data, while the Rochester City school area confirmed that 134,000 students were affected.
Powerschool recently confirmed to TechCrunch that some 16,000 people in the United Kingdom had also stolen data in violation.
Musk’s Doge’s access represents a huge compromise of US Federal Government data
The first weeks of Trump’s administration have seen a different kind of violation – and what will probably be reduced in history as the largest compromise of US government data.
People who work for Elon Musk, who is behind the TRUMP Government Efficiency Department, or Doge, took control of the leading federal departments and data to access huge troves sensitive federal data. Doge-consistent with private sector employees from Musk businesses-has widely accessed US government’s critical payment systems containing the personal data of millions of Americans and responsible for the disbursement of trillion dollars each year.
Since then, a coalition of over twelve US states have filed a lawsuit to prevent the Musk cost team from access to government systems containing American personal data. More than 100 current and former federal officials have also sued Musk’s Doge service to access the sensitive US staff records without proper authorization.
The Community Health Center (CHC), a non -profit health care provider based on Connecticut, said in January that a hacker had access to sensitive data of more than one million patients.
The CHC, which provides services such as school healthcare and substance abuse, said the anonymous hacker has jeopardized its network on January 2 to steal patients’ personal data and sensitive health information. These data include patient addresses, telephone numbers, diagnoses, treatment details, test results, social security numbers and health insurance information.
Stalkerware Cocospy, Spyic and Spyzie apps expose millions of people phone
A trio of Stalkerware applications exhibited the personal data of millions of people who have been planted in their devices unintentionally, a security researcher revealed to TechCrunch in February.
The three applications – Cocospy, Spyic and Spyzie – all share the same safety susceptibility that allows anyone to access personal data, including messages, photos and call records, from devices that have installed applications, usually without the knowledge of the device holder.
The error that is easy to examine also exposes the e -mail addresses of people who signed the Stalkerware applications. This allowed a security researcher to scratch the e -mail addresses of about 3.2 million email addresses by Cocospy, Spyic and Spyzie, which are provided to violate the notification website.
US DISA employees detection service confirms the breach that affects more than 3 million people
DISA, a employee control service provider, including drug and alcohol tests and historical controls, confirmed in February a huge data violation that occurred almost a year earlier in April 2024.
In a testimony with Maine’s Attorney General, DISA said the violation had affected more than 3.3 million people who had undergone workers’ control tests. While the company said its internal research “could not definitively conclude” which specific data had been stolen, a separate deposition in the state of Massachusetts confirms that social security numbers, financial information and identity documents issued by the government are included in the stolen data.
DISA accused the violation of an unknown hacker who had access to a part of the company network for more than two months before noticing.
