The first two months of 2025 have triggered a wave of massive cybersecurity failures, exposing the personal, financial, and medical records of millions. Following a 2024 that saw over 1 billion records compromised, this year is trending toward an even more severe trajectory for global data security.
PowerSchool: A Massive Breach of Student Data
Edtech giant PowerSchool, which provides software to over 18,000 North American schools, suffered a catastrophic breach disclosed in January. While the company has been opaque regarding exact figures, reports indicate that up to 62 million students and 9.5 million teachers may be affected.
The intrusion stemmed from a single compromised credential used to access a customer support portal. Attackers gained deep access to the PowerSchool SIS, pulling sensitive data including Social Security numbers, medical records, and, in some cases, information regarding restraining orders. Confirmed filings from regions like Texas and the Rochester City School District underscore the scale, while 16,000 individuals in the United Kingdom were also confirmed as victims.
DOGE Access Sparks Federal Data Controversy
The Trump administration’s Department of Government Efficiency (DOGE), led by Elon Musk, has faced intense scrutiny over its access to sensitive U.S. federal systems. Critics and legal coalitions argue that private-sector employees within DOGE have gained unauthorized entry to critical payment systems that handle trillions of dollars and hold the personal data of millions of Americans.
The situation has escalated into a legal battle, with over a dozen states and more than 100 federal officials suing the agency for accessing personnel records without proper authorization, marking what many experts consider one of the largest compromises of U.S. government data in history.
Healthcare Vulnerabilities: One Million Patients Exposed
In January, the Connecticut-based nonprofit Community Health Center (CHC) announced a major security failure. A hacker breached its network, compromising the sensitive health information of over one million patients.
The stolen data includes highly private details such as diagnoses, treatment plans, test results, and health insurance information, alongside Social Security numbers and contact details. The breach highlights the ongoing struggle for healthcare providers to secure patient data against sophisticated digital threats.
Stalkerware Apps Expose Millions of Devices
A February investigation revealed that three popular stalkerware applications—Cocospy, Spyic, and Spyzie—contained a critical security flaw. This vulnerability allowed unauthorized parties to access private messages, photos, and call logs from devices where the apps were installed.
Beyond the individual device data, the flaw exposed the email addresses of approximately 3.2 million customers who purchased the software. This information was subsequently shared with the breach notification platform Have I Been Pwned, highlighting the dual risk posed by both the surveillance software and its insecure infrastructure.
DISA Breach: Millions of Background Checks Compromised
Texas-based employee screening firm DISA confirmed in February that a breach occurring in April 2024 exposed the records of 3.3 million people. The company, which handles drug tests and background checks, admitted that an unidentified hacker maintained access to its network for over two months.
While DISA’s internal investigation remained inconclusive regarding the full scope of the theft, state filings in Massachusetts confirmed that Social Security numbers, financial data, and government-issued identity documents were among the stolen files, leaving millions of individuals vulnerable to identity theft.