Data Breaches 2024-2025

Comprehensive database of major data breaches. Track incidents by industry, attack vector, and records affected. Updated weekly with verified sources.

Last updated: November 17, 2025

Total Breaches

4.3B

Records Affected

Healthcare Breaches

Ransomware Attacks

Key Insights from 2024-2025

Largest Breach: National Public Data with 2.9B records exposed

Most Common Vector: Ransomware (15 incidents) and Third-Party breaches dominate

Healthcare Most Targeted: 11 healthcare breaches averaging $10.93M in costs

Breach Database

Showing 48 breaches

Company	Discovered	Records	Data Types	Industry	Attack Vector	Status
Yale New Haven Health	Mar 8, 2025	5.6M	PII Health/PHI	Healthcare	Unknown	Resolved
Hertz Corporation	Feb 10, 2025	Unknown	PII Credentials	Retail	Third-Party	Resolved
Grubhub	Feb 4, 2025	17.0M	PII Payment Cards	Technology	Third-Party	Investigating
Community Health Center Inc.	Jan 2, 2025	1.1M	PII Health/PHI	Healthcare	Unknown	Resolved
PowerSchool	Dec 28, 2024	62.4M	PII Health/PHI	Education	Exploitation	Resolved
U.S. Department of the Treasury	Dec 8, 2024	Unknown	PII Credentials	Government	Third-Party	Resolved
Blue Yonder	Nov 21, 2024	Unknown	PII Credentials	Technology	Ransomware	Resolved
Hot Topic	Oct 21, 2024	57.0M	PII Payment Cards	Retail	Third-Party	Investigating
Casio	Oct 5, 2024	9K	PII Financial	Technology	Ransomware	Resolved
Globe Life	Jun 1, 2024	850K	PII Health/PHI	Financial	Exploitation	Investigating
MoneyGram	Sep 20, 2024	Unknown	PII Financial	Financial	Phishing	Resolved
MC2 Data	Aug 7, 2024	106.0M	PII Financial	Other	Misconfiguration	Investigating
National Public Data	Apr 8, 2024	2.9B	PII	Other	Exploitation	Resolved
City of Columbus, Ohio	Jul 18, 2024	500K	PII Financial	Government	Ransomware	Resolved
HealthEquity	Mar 25, 2024	4.3M	PII Health/PHI	Healthcare	Third-Party	Resolved
Rite Aid	Jun 6, 2024	2.2M	PII	Retail	Ransomware	Resolved
Trello (Atlassian)	Jan 16, 2024	15.0M	PII Credentials	Technology	Misconfiguration	Resolved
AT&T	Apr 19, 2024	110.0M	PII	Technology	Third-Party	Resolved
Evolve Bank & Trust	May 29, 2024	7.6M	PII Financial	Financial	Ransomware	Resolved
Synnovis	Jun 3, 2024	Unknown	PII Health/PHI	Healthcare	Ransomware	Resolved
Los Angeles Unified School District	May 27, 2024	24.0M	PII	Education	Third-Party	Investigating
Landmark Admin	May 13, 2024	1.6M	PII Financial	Financial	Exploitation	Resolved
Ticketmaster	May 20, 2024	560.0M	PII Payment Cards	Retail	Third-Party	Investigating
Ascension Health	May 8, 2024	5.6M	PII Health/PHI	Healthcare	Ransomware	Resolved
Dell Technologies	Apr 28, 2024	49.0M	PII	Technology	Exploitation	Resolved
Dropbox Sign	Apr 24, 2024	Unknown	PII Credentials	Technology	Exploitation	Resolved
Kaiser Foundation Health Plan	Apr 12, 2024	13.4M	PII Health/PHI	Healthcare	Misconfiguration	Resolved
Roku	Mar 8, 2024	576K	PII Credentials	Technology	Exploitation	Resolved
Frontier Communications	Apr 14, 2024	752K	PII	Technology	Ransomware	Resolved
Omni Hotels & Resorts	Mar 29, 2024	3.5M	PII	Retail	Ransomware	Resolved
Hoya Corporation	Mar 30, 2024	Unknown	PII Financial	Technology	Ransomware	Resolved
AT&T	Mar 30, 2024	73.0M	PII	Technology	Unknown	Resolved
Change Healthcare	Feb 21, 2024	192.7M	PII Health/PHI	Healthcare	Ransomware	Resolved
Cencora	Feb 21, 2024	1.4M	PII Health/PHI	Healthcare	Unknown	Resolved
Prudential Financial	Feb 5, 2024	2.6M	PII	Financial	Ransomware	Resolved
Financial Business and Consumer Solutions	Feb 26, 2024	4.3M	PII Financial	Financial	Ransomware	Resolved
Bank of America	Nov 24, 2023	57K	PII Financial	Financial	Third-Party	Resolved
Concentra Health Services	Nov 10, 2023	4.0M	PII Health/PHI	Healthcare	Third-Party	Resolved
Integris Health	Nov 28, 2023	2.4M	PII	Healthcare	Unknown	Resolved
loanDepot	Jan 8, 2024	16.9M	PII Financial	Financial	Ransomware	Resolved
Xfinity (Comcast)	Oct 25, 2023	35.9M	PII Credentials	Technology	Exploitation	Resolved
23andMe	Oct 6, 2023	6.9M	PII Health/PHI	Healthcare	Exploitation	Resolved
Advance Auto Parts	May 23, 2024	2.3M	PII	Retail	Third-Party	Resolved
Neiman Marcus	May 14, 2024	64K	PII Payment Cards	Retail	Third-Party	Resolved
Santander Bank	May 14, 2024	30.0M	PII Financial	Financial	Third-Party	Investigating
Pure Storage	May 24, 2024	Unknown	PII	Technology	Third-Party	Resolved
DISA Global Solutions	Feb 21, 2025	3.3M	PII	Other	Unknown	Investigating
Tata Technologies	Jan 31, 2025	Unknown	PII Financial	Technology	Ransomware	Investigating

Yale New Haven Health Resolved

Discovered:

3/8/2025

Records:

5.6M

Healthcare Unknown

Connecticut's largest healthcare provider suffered a network intrusion exposing patient names, SSNs, medical record numbers, and demographic information for over 5.5 million individuals.

Hertz Corporation Resolved

Discovered:

2/10/2025

Records:

Unknown

Retail Third-Party

Hertz customer data including driver's licenses and SSNs were stolen via Cleo file transfer vulnerabilities exploited by Cl0p ransomware gang between October-December 2024.

Grubhub Investigating

Discovered:

2/4/2025

Records:

17.0M

Technology Third-Party

Grubhub data breach via compromised third-party vendor exposed customer, driver, and merchant contact information including hashed passwords and partial payment card data.

Community Health Center Inc. Resolved

Discovered:

1/2/2025

Records:

1.1M

Healthcare Unknown

Connecticut healthcare provider breach exposed SSNs, COVID vaccination records, diagnoses, and treatment information for over 1 million patients.

PowerSchool Resolved

Discovered:

12/28/2024

Records:

62.4M

Education Exploitation

Massive K-12 education breach exposed personal data of 62.4 million students and educators including names, SSNs, medical information, and grades after compromised credentials accessed PowerSource portal.

U.S. Department of the Treasury Resolved

Discovered:

12/8/2024

Records:

Unknown

Government Third-Party

Chinese state-sponsored APT group Silk Typhoon exploited BeyondTrust API vulnerability to access Treasury workstations and unclassified documents in major federal breach.

Blue Yonder Resolved

Discovered:

11/21/2024

Records:

Unknown

Technology Ransomware

Termite ransomware gang attacked supply chain management provider, disrupting operations at Starbucks, Sainsbury's, and Morrisons with 680GB of data exfiltrated.

Hot Topic Investigating

Discovered:

10/21/2024

Records:

57.0M

Retail Third-Party

Largest retail breach in history exposed 57 million customer records including partial credit card numbers and personal information via compromised Snowflake cloud account.

Casio Resolved

Discovered:

10/5/2024

Records:

Technology Ransomware

Underground ransomware gang attacked Casio via phishing, exposing personal data of 8,500 employees, business partners, and customers including payroll information.

Globe Life Investigating

Discovered:

6/1/2024

Records:

850K

Financial Exploitation

Insurance giant Globe Life faced extortion attempts after hackers stole SSNs, health data, and policy information of 850,000 customers from subsidiary web portal.

MoneyGram Resolved

Discovered:

9/20/2024

Records:

Unknown

Financial Phishing

Social engineering attack on MoneyGram's help desk exposed customer SSNs, government IDs, bank account numbers, and transaction data during three-day attack.

MC2 Data Investigating

Discovered:

8/7/2024

Records:

106.0M

Other Misconfiguration

Background check company left 2.2TB database passwordless, exposing records of 106 million Americans including SSNs, employment history, and legal records.

National Public Data Resolved

Discovered:

4/8/2024

Records:

2.9B

Other Exploitation

One of largest breaches ever exposed 2.9 billion records including SSNs and personal data of up to 170 million people, leading company to file bankruptcy.

City of Columbus, Ohio Resolved

Discovered:

7/18/2024

Records:

500K

Government Ransomware

Rhysida ransomware gang stole 6.5TB of city data including SSNs and bank accounts of 500,000 residents after demanding $1.9 million ransom.

HealthEquity Resolved

Discovered:

3/25/2024

Records:

4.3M

Healthcare Third-Party

Third-party vendor breach exposed health savings account holder data including SSNs, diagnoses, prescriptions, and partial payment card information for 4.3 million people.

Rite Aid Resolved

Discovered:

6/6/2024

Records:

2.2M

Retail Ransomware

RansomHub ransomware attack via impersonated employee credentials exposed driver's license numbers and personal data of 2.2 million pharmacy customers.

Trello (Atlassian) Resolved

Discovered:

1/16/2024

Records:

15.0M

Technology Misconfiguration

Unsecured REST API allowed threat actor to scrape 15 million user email addresses and profile information by querying with known email addresses.

AT&T Resolved

Discovered:

4/19/2024

Records:

110.0M

Technology Third-Party

AT&T breach via compromised Snowflake account exposed call and text records of nearly all 110 million cellular customers dating back to mid-2022.

Evolve Bank & Trust Resolved

Discovered:

5/29/2024

Records:

7.6M

Financial Ransomware

LockBit ransomware attack via malicious link click exposed SSNs and bank account numbers of 7.6 million people including fintech partner customers like Wise and Affirm.

Synnovis Resolved

Discovered:

6/3/2024

Records:

Unknown

Healthcare Ransomware

Qilin ransomware attack on NHS pathology services caused blood shortage crisis in London hospitals, forcing cancellation of 800+ surgeries with £32.7M in damages.

2024-2025 Breach Analysis

Major Trends

The 2024-2025 breach landscape is dominated by three critical patterns: supply chain attacks, ransomware escalation, and healthcare targeting.

1. Supply Chain Vulnerabilities

The Snowflake breach campaign affected 165+ organizations including Ticketmaster (560M records), AT&T (110M records), and Santander (30M records). Third-party risk management failures enabled cascading breaches across industries.

2. Ransomware Evolution

Ransomware groups like ALPHV/BlackCat, RansomHub, and LockBit executed sophisticated attacks. The Change Healthcare breach ($2.87B cost) demonstrated how ransomware can cripple critical infrastructure. Key tactic: double extortion (encrypt + steal data).

3. Healthcare Under Siege

Healthcare breaches averaged $10.93M in costs—highest of any industry. Notable incidents: Change Healthcare (192.7M records), Ascension Health (5.6M records), Yale New Haven Health (5.5M records). HIPAA violations compound financial damage with regulatory penalties.

Attack Vector Distribution

Ransomware: 15 incidents (31%)
Third-Party/Supply Chain: 14 incidents
Exploitation: 9 incidents
Misconfiguration: 3 incidents

Lessons for Organizations

Third-party risk is your risk: Audit vendor security controls. The weakest link in your supply chain becomes your breach.
Detection speed matters: Average detection time is 277 days. Organizations that contain breaches under 200 days save 54% on costs.
Ransomware requires preparation: Have offline backups, incident response plans, and never pay without expert consultation.
Healthcare needs specialized security: PHI exposure carries maximum regulatory and reputational damage.
Basic security hygiene fails: Many breaches exploit unpatched systems, weak credentials, and misconfigured cloud services.

Don't Become a Statistic

The average breach costs $4.45M and takes 277 days to detect. Prepare your incident response plan now—before you need it.

Download Response Plan Template Find IR Specialists

Data Sources

Breach information compiled from: HIPAA Journal, BleepingComputer, TechCrunch, SecurityWeek, state Attorney General breach notifications, company disclosures, and HaveIBeenPwned. All data verified against multiple sources where possible. Records affected are based on official disclosures or credible estimates.