Top 10 Data Breaches of 2025<\/b><\/p>\n
The year 2025 marked one of the most volatile periods in cybersecurity history, with data breaches reaching unprecedented scale and sophistication across industries. From retail giants and financial platforms to media organizations and critical healthcare networks, attackers exploited vulnerabilities in cloud systems, third-party vendors and aging digital infrastructure to access millions of personal records worldwide. These incidents not only exposed sensitive information but also triggered executive upheavals, regulatory scrutiny, and a renewed urgency for stronger digital resilience. Together, 2025\u2019s largest breaches paint a stark picture of an evolving threat landscape and the growing challenges of safeguarding data in an increasingly interconnected world.<\/span><\/p>\n 16 Million Passwords Leaked<\/b><\/p>\n Date: June 2025<\/span><\/p>\n Impact: 16 billion credentials<\/span><\/p>\n One of the largest credential-stuffing datasets ever assembled emerged in June, aggregating stolen credentials from infostealer malware, historical breaches, and massive password reuse across platforms such as Google, Apple, and Facebook. While this wasn\u2019t a singular attack but rather cumulative records discovered since the beginning of the year, it still highlights the importance of good security practices.\u00a0<\/span><\/p>\n Key takeaway: Passwords alone are obsolete. MFA and credential hygiene are mandatory, not optional.<\/span><\/p>\n SK Telecom Malware Intrusion<\/b><\/p>\n Date: April 2025<\/span><\/p>\n Impact: 27 million users<\/span><\/p>\n Attackers deployed a stealthy Linux-based RAT (BPFDoor) across 28 servers, exploiting the Berkeley Packet Filter (BPF) mechanism in the Linux kernel to monitor and manipulate network traffic. SIM data, IMSI numbers, and authentication keys were exposed. The breach was believed to be the work of an advanced persistent threat (APT) group, potentially linked to Chinese or North Korean actors, although definitive attribution has not been established.<\/span><\/p>\n SK Telecom was fined $96.9M, and the attack was attributed to state-sponsored APT actors.<\/span><\/p>\n Key takeaway: Advanced threats exploit low-level visibility gaps – Linux servers and telecom stacks are not exempt.<\/span><\/p>\n Red Hat GitLab Repository Breach<\/b><\/p>\n Date: October 2025<\/span><\/p>\n Impact: 570 GB, 28,000 repositories<\/span><\/p>\n Threat group Crimson Collective exfiltrated sensitive data across thousands of internal repositories, leaking credentials, API keys, VPN configs, and customer infrastructure details tied to major enterprises and government agencies. The attackers claimed to have exfiltrated 570GB of compressed data from over 28,000 repositories, including sensitive Customer Engagement Reports (CERs) affecting approximately 800 organizations worldwide.<\/span><\/p>\n Key takeaway: Source control platforms are high-value targets when access isn\u2019t continuously audited.<\/span><\/p>\n Qantas Data Breach<\/b><\/p>\n Date: June 2025<\/span><\/p>\n Impact: 5.7 million records<\/span><\/p>\n A third-party Salesforce integration was exploited to access customer personally identifiable information (PII) and frequent flyer data. The attack was confirmed after ransom demands went unpaid and was claimed by Scattered Lapsus$ Hunters. The airline was one of more than 40 firms globally caught up in the hack, reported to contain up to 1bn customer records.<\/span><\/p>\n Key takeaway: Your third-party stack defines your real attack surface.<\/span><\/p>\n Allianz Life Breach<\/b><\/p>\n Date: July 2025<\/span><\/p>\n Impact: 2.8 million records<\/span><\/p>\n Attackers used social engineering to access Salesforce, a cloud-based CRM, then leveraged legitimate Salesforce admin features to export sensitive customer data. Contained within 24 hours, but damage was already done. The ShinyHunters threat group is notorious for advanced vishing attacks that exploit human error to gain Salesforce CRM access, bypassing technical defences.<\/span><\/p>\n Key takeaway: \u201cLegitimate access\u201d is the most dangerous access when abused.<\/span><\/p>\n TransUnion Breach<\/b><\/p>\n Date: July 2025<\/span><\/p>\n Impact: 4.4 million records<\/span><\/p>\n Sensitive personal information belonging to 4.4 million customers, including their names and Social Security numbers, was exposed in a data breach on credit bureau TransUnion which was yet another cyber attack targeting companies’ Salesforce databases. Sensitive personal information belonging to 4.4 million customers, including their names and Social Security numbers, was exposed in a data breach on credit bureau TransUnion, in what is believed to be the latest in a string of attacks targeting companies’ Salesforce databases.<\/span><\/p>\n Key takeaway: APIs are silent data exfiltration channels when misconfigured.<\/span><\/p>\n Farmers Insurance Breach<\/b><\/p>\n Date: August 2025<\/span><\/p>\n Impact: 1.1 million records<\/span><\/p>\n A third-party vendor\u2019s overprivileged Salesforce integration enabled data extraction at scale. Public disclosure was delayed for nearly three months. The third-party vendor had monitoring tools in place, which allowed the vendor to quickly detect the activity and take appropriate containment measures, including blocking the unauthorized actor.<\/span><\/p>\n Key takeaway: Vendor access must be treated as internal risk and governed accordingly.<\/span><\/p>\n Yale New Haven Health System Breach<\/b><\/p>\n Date: March 2025<\/span><\/p>\n Impact: 5.5 million patients<\/span><\/p>\n Yale New Haven Health System (YNHHS) experienced a massive data breach in March 2025, affecting over 5.5 million individuals, exposing sensitive data like names, Social Security numbers, and health info, stemming from a misconfigured storage server, leading to significant investigations, class-action lawsuits, and an $18 million settlement for victims, as reported in late 2025.<\/span><\/p>\n Key takeaway: Healthcare data is only as secure as the weakest external service.<\/span><\/p>\n Blue Shield of California Exposure<\/b><\/p>\n Date: April 2025<\/span><\/p>\n Impact: 4.7 million records<\/span><\/p>\n Blue Shield of California experienced a major data breach (not a traditional hack) where misconfigured Google Analytics tools shared private health info (PHI) of 4.7M members with Google Ads from April 2021 to January 2024, including names, plan details, claim dates, and “Find a Doctor” searches, but not SSNs or financial data, leading to potential ad targeting and class action lawsuits, prompting Blue Shield to halt the sharing and notify members.<\/span><\/p>\n