Article Read Time
The list you NEVER want to make!
Data breaches in 2025 weren’t defined by a single “mega-breach,” but by a steady run of high-impact incidents that hit everyday institutions: schools, hospitals, credit bureaus, crypto platforms, and major consumer services. The Identity Theft Resource Center (ITRC) counted 1,732 U.S. data compromises in the first half of 2025, affecting 165.7 million people, and found that cyberattacks and supply-chain exposure continue to dominate. Meanwhile, Verizon’s 2025 DBIR continued to underscore the “how”: credential abuse, vulnerability exploitation, phishing, and a heavy mix of third-party involvement.
Below are several of the most consequential data breaches disclosed or accelerated by new developments in 2025, based on scale, sensitivity, and real-world risk.
PowerSchool: student and teacher data used for extortion
One of 2025’s most alarming incidents targeted PowerSchool, a widely used K–12 education software provider. Prosecutors described stolen data impacting more than 60 million students and 10 million teachers, tied to a hack that led to attempted extortion. Reporting also indicated that hackers tried to leverage previously stolen data to extort multiple school districts.
Why it matters: education records can include contact data, IDs, and, in some cases, health/IEP information, making them ideal fuel for identity fraud and highly convincing phishing against families and staff.
Coupang Data Breaches: breach affecting most of South Korea’s online shoppers
In one of the year’s most significant consumer breaches globally, South Korean e-commerce giant Coupang disclosed a compromise affecting over 33 million customer accounts, a figure widely framed as impacting a majority of the country’s population. Reports described the exposure of personal details (such as names, contact info, and purchase/order history) and intense political scrutiny over delayed detection and response.
Why it matters: Even without payment card exposure, a dataset that combines identity and purchase patterns is extremely useful for account takeover, targeted scams, and doxxing-style harassment.
Yale New Haven Health Data Breaches: 5.5 million patients affected
Healthcare remained a prime target. Yale New Haven Health disclosed a network intrusion that exfiltrated files containing patient information, affecting 5,556,702 individuals. The organization said the data varied by person, potentially including demographics and identifiers such as Social Security numbers.
Why it matters: healthcare breaches are uniquely damaging because medical identity data is complex to “change,” and it can be exploited for years (fraudulent claims, synthetic identity creation, targeted social engineering).
700Credit Data Breaches: supply-chain/API exposure of 5.6 million people
A major U.S. breach at 700Credit (used for identity/credit verification in auto-dealership contexts) affected about 5.6 million people, with reports pointing to a third-party/supply-chain compromise and API abuse. Stolen data reportedly included sensitive identifiers such as Social Security numbers.
Why it matters: This is the modern breach pattern; your data can be lost by a vendor you’ve never heard of, because they sit in the transaction path.
TransUnion: 4.4 million consumers impacted
Credit bureau TransUnion disclosed that about 4.4 million people had data exposed in a hack connected to an unidentified third party.
Why it matters: credit-bureau datasets are “high-octane” for criminals’ names, dates of birth, SSNs, and related identity details, which are the building blocks for new-account fraud and tax/refund scams.
Coinbase: insider-assisted access and a costly response
Crypto exchange Coinbase warned of a potential $180M–$400M financial impact from a cyber incident involving customer account data for a subset of users, describing the termination of contractors/employees outside the U.S. and noting that it refused a ransom demand.
Why it matters: 2025 continued to show that “hacking” is often a people-and-process failure, bribery, social engineering, and insider access can bypass technical controls.
Oracle/Cerner: alleged theft of patient data from legacy systems
Reuters reported the FBI was investigating a cyberattack involving Oracle servers tied to older Cerner systems, with patient data allegedly copied and used in extortion attempts against medical providers.
Why it matters: Large platforms that acquire legacy environments inherit old risks. Breaches increasingly emerge from the “not-yet-migrated” corners of big IT estates.
Salesforce “record theft” claims: the uncertainty problem
Cybercriminals tied to retailer ransomware incidents claimed they had stolen nearly 1 billion records by targeting organizations that use Salesforce.
Why it matters: even when claims are disputed or hard to verify quickly, organizations still face urgent response work, credential resets, log reviews, customer communications, and regulator questions often before facts are apparent.
Late-year consumer service breaches (Pornhub, SoundCloud): privacy and trust fallout
A late-2025 breach claim involving Pornhub premium user data highlighted an especially sensitive category of harm, privacy exposure. However, public reporting reflected uncertainty about the scope and sourcing (including questions about third-party analytics). SoundCloud also confirmed a breach affecting user data (email addresses and profile information), triggering service disruptions and cleanup.
Across these incidents, several themes repeated:
- Third-party and supply-chain weaknesses (vendors, integrations, legacy acquisitions).
- Credential-driven access (stolen passwords, reused logins, insider misuse).
- Extortion as a business model, even when encryption isn’t the main event, stolen data becomes leverage.
If you want, I can tailor a version of this for a non-technical audience (or for executives) and add a short “what to do now” checklist for organizations.
At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.