Recent data breaches 2025: latest cybersecurity incidents & lessons

norman@preyhq.com
Norman G.
Sep 27, 2025

Staying on top of 2025's data breaches isn't just news tracking; it's risk management. This rolling guide curates the most recent data breaches with plain-English summaries, verified reports, and clear takeaways, so security and IT teams can move from headlines to actions fast. You'll find a month-by-month list of the latest data breaches, a quick snapshot table, and analysis of why incidents happened (credential theft, third-party exposure, unpatched vulnerabilities, and ransomware), plus the controls that would have reduced impact.

What we include (and how): we focus on confirmed incidents from official breach notifications, regulator filings, and reputable sources. For each entry, we note sector, data exposed, initial cause, and business impact, then close with what to fix now (from MFA and backup posture to vendor access and configuration hygiene).

Use this page as your “single source” to brief stakeholders, tune defenses, and prioritize data security work. Bookmark it—we keep it updated so you always have the latest on what happened, why it happened, and what to do next.

What counts as a “recent data breach” in 2025?

Definitions, scope, and what we include (breach vs. cyber attack)

Not every cyber attack qualifies as a “data breach.” A breach is confirmed when sensitive data is accessed, stolen, or exposed—think customer records, employee files, payment details, or intellectual property. By contrast, an attack that only disrupts operations (like a DDoS that takes a site offline) is a cyber incident but not necessarily a breach.

For this page, we include cases where:

  • Personal or corporate data was confirmed exposed.
  • A company or regulator issued a formal breach notification.
  • Credible reporting tied the event to stolen or leaked data.

This way, the scope stays clear: we’re tracking recent data breaches in 2025, not every cyber attack.

Sources and verification (breach notifications, reports)

Accuracy matters. To cut through rumor or hype, each entry is verified against:

  • Official breach notifications filed with regulators under GDPR, HIPAA, or U.S. state breach laws (EU data protection authorities, HHS OCR, state attorneys general).
  • Company disclosures in press releases or investor reports.
  • Independent investigations and reputable journalism.

We cross-reference at least two sources whenever possible, so you know you’re reading about real breaches, not speculation. If an event is still under investigation, we’ll note it clearly.

Most recent data breaches (rolling list) — 2025

August 2025 — latest data breaches

Allianz Life (insurance) — ~1.1M impacted

In late July, Allianz Life disclosed that hackers infiltrated a third-party cloud CRM platform, exposing personal and financial details for more than a million customers and advisors. While no policy payouts or investment accounts were directly altered, the stolen records include PII that could be weaponized for identity theft and phishing. The company notified U.S. regulators and customers throughout August. The breach underscores the third-party risk problem insurers face, where vendors often hold sensitive data but operate with different security standards.

Global roundup — 17.3M+ records exposed in August disclosures

According to consolidated reporting, at least 17.3 million records were exposed across incidents disclosed in August. While individual breaches varied in scale, the monthly total is an important metric for benchmarking — showing that the volume of compromised data remains high even when “headline breaches” aren’t dominating the news.

July 2025 — recent data breaches

Co-op UK (retail loyalty) — 6.5M members

The UK’s Co-op supermarket chain confirmed that loyalty data managed by vendor Azpiral had been accessed by attackers. Information included names, contact details, and loyalty IDs for 6.5 million customers. Payment card data was not exposed, but the breach eroded customer trust at a time when retail loyalty platforms are central to personalized marketing strategies. The incident highlights how attackers increasingly target marketing and loyalty platforms because of the scale of personal data they centralize.

Healthcare sector snapshot (U.S.)

HIPAA Journal reported that 48 breaches of 500+ records were logged in July 2025, a 34% decrease compared to June. Still, millions of patient records were compromised, with ransomware and vendor breaches leading the list. For CISOs in healthcare, this reinforces the importance of business associate due diligence and layered defenses in EHR and claims systems.

June 2025 — recent data breaches

Episource (healthcare BA) — 5.4M individuals

Healthcare analytics provider Episource confirmed a data theft affecting 5.4 million individuals, one of the year’s largest. Exposed data included medical diagnoses, billing codes, and personal identifiers. Because Episource serves multiple health plans, the impact cascaded across the U.S. healthcare ecosystem. This breach highlights the systemic risk when large business associates are compromised.

McLaren Health Care (provider) — 743k

Michigan-based McLaren reported a ransomware incident where patient files were exfiltrated. Nearly 750,000 individuals had PII and some health data exposed. Beyond direct risk to patients, the attack disrupted operations and triggered state/federal breach notifications. For healthcare providers, this demonstrates the dual challenge: operational continuity and HIPAA compliance.

Snowflake-linked campaign — ongoing exposure

Security researchers continued tracking fallout from the Snowflake-related incidents that began in spring 2024, which included the Ticketmaster and Santander disclosures. The campaign did not breach Snowflake itself: attackers used credentials harvested by infostealer malware to log in to customer tenants that had not enforced MFA or network allow-listing. June saw further reports of the stolen data being resold on forums, and the campaign is still cited as one of the most consequential cloud-tenant credential attacks of recent years.

May 2025 — recent data breaches

CMS (Medicare.gov account fraud)

The U.S. Centers for Medicare & Medicaid Services (CMS) disclosed that attackers fraudulently created online Medicare.gov accounts for certain beneficiaries using stolen PII. While CMS systems were not directly breached, the fraud exposed beneficiaries to scams and unauthorized claims activity. CMS began sending breach notifications in May, making this a notable example of how identity fraud intersects with government portals.

Healthcare sector snapshot (U.S.)

May 2025 saw at least 24 healthcare breaches of 10k+ records. The largest came from IT service provider Serviceaide, exposing 483,000 patient records. Business associate breaches again dominated, reminding hospitals and insurers that vendor risk is often the soft underbelly of their security posture.

Coinbase (notification entry)

Consumer breach notifications in May also included reports tied to Coinbase. Coinbase's own disclosure attributed the incident to customer-support staff at an overseas contractor who were bribed to pull customer records, affecting a small fraction of users. This reflects regulators' growing emphasis on prompt disclosure, even for incidents where data exposure may be narrow.

April 2025 — recent data breaches

Hertz (car rental) — driver’s license & ID data exposed

Hertz confirmed a breach tied to its file-transfer vendor Cleo. Sensitive information — driver’s license numbers, and in some cases passport and Social Security details — was accessed. While credit card data wasn’t compromised, the scope of PII triggered broad regulatory notifications. The case reinforces that transportation and mobility companies, which rely heavily on outsourcing, need rigorous third-party security audits.

March 2025 — recent data breaches

Yale New Haven Health — 5.5M patients

One of the largest healthcare breaches of 2025 occurred in March, when Yale New Haven Health disclosed that attackers exfiltrated data on 5.5M patients. Exposed records included medical histories, diagnoses, and Social Security numbers. The attack was attributed to an advanced persistent threat (APT) actor using stolen credentials. It has already prompted class-action lawsuits and regulatory scrutiny, making it a textbook case for why data security must be prioritized in hospital systems.

February 2025 — recent data breaches

ALIEN “TXTBASE” stealer logs — 284M emails indexed

Security researchers uncovered a massive trove of stealer logs, later indexed in Have I Been Pwned. The dataset contained 284 million unique email addresses, exposing victims to credential-stuffing attacks. Unlike a corporate breach, this was an aggregation of malware-harvested data, showing how compromised endpoints at scale can flood underground markets.

Monthly roundup — cross-sector disclosures

February also saw dozens of other disclosures across finance, healthcare, and retail, reinforcing that even outside of headline breaches, mid-sized incidents are a constant risk.

January 2025 — recent data breaches

Community Health Center, Inc. — ~1.06M patients

Early in the year, Community Health Center in Connecticut reported a breach that exposed over a million patient records. Data included treatment information and PII. The healthcare nonprofit had to notify regulators and patients, while dealing with HIPAA compliance fallout. This set the tone for 2025 as another heavy year for healthcare breaches.

State AG disclosure trackers (U.S.)

January also brought a wave of state attorney general postings (Massachusetts, Maine, California, Washington) that confirmed multiple smaller incidents. These public portals remain one of the best sources for verifiable breach notification letters, giving CISOs real insight into what attackers are targeting.

Data breach snapshots (quick table)

Date     | Organization              | Sector        | Type                | Data exposed                       | Initial cause / vulnerability
Aug 2025 | Allianz Life              | Insurance     | Unauthorized access | Names, financial records (~1.1M)   | Third-party cloud CRM compromise
Jul 2025 | Co-op UK / Azpiral        | Retail        | Unauthorized access | Loyalty data (6.5M members)        | Vendor system breach
Jun 2025 | Episource                 | Healthcare    | Data theft          | PHI + billing codes (5.4M)         | Vendor system compromise
Jun 2025 | McLaren Health Care       | Healthcare    | Ransomware          | Patient files (743k)               | Credential misuse, lateral movement
Jun 2025 | Snowflake-linked campaign | Cross-sector  | Credential resale   | Millions across multiple firms     | Stolen credentials on tenants without MFA (campaign began 2024)
May 2025 | CMS (Medicare.gov fraud)  | Government    | Account fraud       | Beneficiary data, identity abuse   | Fraudulent account creation with stolen PII
Apr 2025 | Hertz (via Cleo vendor)   | Transport     | Unauthorized access | Driver's licenses, passports, SSNs | File-transfer vendor compromise
Mar 2025 | Yale New Haven Health     | Healthcare    | APT / data exfil    | PHI + SSNs (5.5M)                  | Stolen credentials (APT group)
Feb 2025 | TXTBASE stealer logs      | N/A (global)  | Malware logs        | 284M unique emails                 | Infostealer malware distribution
Jan 2025 | Community Health Center   | Healthcare    | Unauthorized access | PHI + treatment data (1.06M)       | Network intrusion

Why these breaches happened: common vulnerabilities & risks

Credentials & phishing (initial access)

A consistent theme in 2025 breach reports is stolen or phished credentials. Whether through a convincing spear-phishing email, password reuse, or infostealer malware, attackers continue to rely on compromised usernames and passwords as their easiest entry point.

  • The TXTBASE stealer logs breach (284M unique emails) is a stark reminder that millions of valid logins are being harvested every day and resold on dark web forums.
  • The Yale New Haven Health APT case also showed how an attacker, once armed with stolen credentials, can blend into normal traffic and move laterally across networks without raising alarms.

For organizations, this underscores the importance of multi-factor authentication (MFA) on every externally reachable login, with phishing-resistant methods (FIDO2/WebAuthn security keys or passkeys) in place of SMS and push codes that attackers can relay or fatigue, plus continuous monitoring of leaked credentials through threat intelligence feeds.
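Infostealer logs and credential-stuffing tools leave a recognizable shape in authentication logs: one source trying many different accounts in a short window, with the occasional success marking a pair that was valid. The following is an added example written for this article (not code from Prey or from any organization named above) that triages constructed log lines for that pattern and for its cousin, single-account brute force. The log format (ISO-8601 UTC timestamp, OK/FAIL, username, source IP) is an assumption; adapt parse_line() to your IdP, VPN or web-server format.

```python
"""Triage authentication logs for credential stuffing and brute force.

Added example for this article; not code from Prey or from any breached
organization. The log lines are constructed, and their format (ISO-8601 UTC
timestamp, OK/FAIL, username, source IP) is an assumption.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 sprays leaked username/password pairs across
# many accounts (stuffing) and gets one hit; 198.51.100.9 hammers a single
# account (brute force); 192.0.2.44 is an ordinary login.
SAMPLE_LOG = """\
2025-06-03T10:00:01Z FAIL alice 203.0.113.7
2025-06-03T10:00:02Z FAIL bob 203.0.113.7
2025-06-03T10:00:03Z FAIL carol 203.0.113.7
2025-06-03T10:00:04Z FAIL dave 203.0.113.7
2025-06-03T10:00:05Z FAIL erin 203.0.113.7
2025-06-03T10:00:06Z OK frank 203.0.113.7
2025-06-03T10:00:07Z FAIL grace 203.0.113.7
2025-06-03T10:05:00Z FAIL heidi 198.51.100.9
2025-06-03T10:05:01Z FAIL heidi 198.51.100.9
2025-06-03T10:05:02Z FAIL heidi 198.51.100.9
2025-06-03T10:05:03Z FAIL heidi 198.51.100.9
2025-06-03T10:05:04Z FAIL heidi 198.51.100.9
2025-06-03T10:05:05Z FAIL heidi 198.51.100.9
2025-06-03T11:30:00Z OK ivan 192.0.2.44
"""


def parse_line(line):
    """Return (timestamp, success, user, ip) for one log line."""
    ts, result, user, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result == "OK", user, ip


def detect(log_text, window=timedelta(minutes=5), min_users=5, min_fails=5):
    """Return {ip: finding} for sources that look like stuffing or brute force.

    Stuffing: at least `min_users` *different* accounts failing from one IP
    inside `window`. Brute force: at least `min_fails` failures against one
    account from one IP. Successful logins from a stuffing source are listed
    so those accounts can be locked and their sessions revoked: they are the
    leaked pairs that turned out to be valid.
    """
    events = sorted((parse_line(line) for line in log_text.splitlines() if line.strip()),
                    key=lambda e: e[0])
    by_ip = defaultdict(list)
    for ts, ok, user, ip in events:
        by_ip[ip].append((ts, ok, user))

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end, (ts, _, _) in enumerate(evs):
            # Slide the window: drop events more than `window` older than this one.
            while ts - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            fails = Counter(user for _, ok, user in win if not ok)
            if len(fails) >= min_users:
                findings[ip] = {
                    "type": "credential_stuffing",
                    "accounts_tried": len(fails),
                    "successful_logins": sorted({u for _, ok, u in win if ok}),
                }
            elif fails and max(fails.values()) >= min_fails:
                user, n = fails.most_common(1)[0]
                findings[ip] = {"type": "brute_force", "account": user, "failures": n}
    return findings


if __name__ == "__main__":
    for ip, finding in detect(SAMPLE_LOG).items():
        print(ip, finding)
```

The thresholds are deliberately low so the constructed sample trips them; in production, tune `min_users` and `window` against a baseline of your own traffic, and feed the `successful_logins` list straight into a forced password reset and session revocation rather than a ticket queue.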

Third-party & supply chain weaknesses

From Allianz Life’s CRM vendor to Hertz’s file-transfer provider Cleo, several of this year’s biggest breaches didn’t start inside the organization — they began with a partner. Attackers target vendors precisely because those systems often have privileged access and hold large volumes of sensitive data.

The Snowflake-linked campaign showed how a single shared platform can cascade into dozens of downstream organizations without the platform itself being breached: the attackers simply logged in to customer tenants with stolen credentials wherever MFA was not enforced. These incidents highlight the systemic nature of supply chain risk: even if your house is secure, the back door may be wide open through a third party, and a control gap repeated across many tenants of one vendor is a supply-chain weakness even when the vendor's own systems hold.

Mitigation requires vendor risk management frameworks, strict contractual security requirements, and shared responsibility models that extend monitoring beyond your own perimeter.

Unpatched systems / misconfigurations

Several 2025 disclosures also traced back to known vulnerabilities or insecure configurations. In cloud environments, a single exposed bucket or weak API token can expose millions of records. Traditional IT isn’t immune either: outdated systems in healthcare (EHRs, billing software) remain a high-value target for ransomware actors.

The Tangerine ISP breach (Feb 2024, still relevant as a lesson) showed how a single legacy customer database, reachable with one contractor's login, could expose over 200,000 customer records. Incidents like these are preventable with a rigorous patch management program, decommissioning of legacy data stores, and continuous configuration scanning.
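"A single exposed bucket" usually means a bucket policy that grants an action to the anonymous principal with no condition pinning the caller. The following is an added example for this article (not Prey's code and not any cloud provider's tool) that flags such statements in a bucket policy. The two policies are constructed; the checks follow the AWS IAM policy grammar (a `Principal` of `"*"` or `{"AWS": "*"}`, `Effect`, `Action`, `Condition`) but are a triage heuristic, not a replacement for IAM Access Analyzer, and the role ARN and VPC endpoint ID are placeholders.

```python
"""Flag bucket-policy statements that grant access to anonymous principals.

Added example for this article; not code from Prey or AWS. Both policies are
constructed. The account ID, role name and VPC endpoint ID are placeholders.
"""
import json

# Weak: anyone on the internet can read every object.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-billing-exports/*",
    }],
})

# Hardened: reads limited to one role and to traffic arriving through one VPC
# endpoint; a Deny with Principal "*" is fine because it only removes access.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BillingRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/BillingReader"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-billing-exports/*",
        },
        {
            "Sid": "VpcEndpointRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-billing-exports/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-billing-exports",
                         "arn:aws:s3:::example-billing-exports/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

# Condition keys that pin the caller or its origin; a "*" principal combined
# with one of these is a scoped grant rather than a public one.
SCOPING_KEYS = {
    "aws:sourcevpce", "aws:sourcevpc", "aws:sourcearn", "aws:sourceaccount",
    "aws:principalorgid", "aws:principalaccount", "aws:sourceip",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}: any caller, authenticated or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def restricts_caller(condition):
    """True if any condition key narrows who or where the caller is."""
    for operator_block in (condition or {}).values():
        for key in operator_block:
            if key.lower() in SCOPING_KEYS:
                return True
    return False


def public_statements(policy_json):
    """Return [{sid, actions}] for Allow statements open to anonymous callers."""
    policy = json.loads(policy_json)
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        if restricts_caller(st.get("Condition")):
            continue
        findings.append({"sid": st.get("Sid", "<no Sid>"),
                         "actions": _as_list(st.get("Action", []))})
    return findings


if __name__ == "__main__":
    print("weak:", public_statements(WEAK_POLICY))
    print("hardened:", public_statements(HARDENED_POLICY))
```

The bucket policy is only one of three places a bucket can become public: account- and bucket-level Block Public Access settings and legacy ACLs also need checking, and `aws:SourceIp` set to a world-wide range would pass this heuristic, so treat a clean result as "nothing obviously wrong" rather than proof of safety.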

Ransomware attacks and extortion trends

Ransomware remains the most visible and disruptive form of cyberattack. In 2025, attackers continue to evolve from “encrypt-and-ransom” to double and triple extortion:

  1. Encrypting data.
  2. Stealing and threatening to leak it.
  3. Threatening to contact regulators or customers if the ransom isn’t paid.

The Evolution Mining case (Aug 2024) and McLaren Health Care breach are prime examples of how ransomware not only disrupts operations but also creates compliance nightmares through data exfiltration.

Organizations that rely on uptime — from hospitals to critical infrastructure — remain prime targets. This makes segmented backups, incident response playbooks, and tabletop exercises essential defenses against the inevitability of attempted ransomware.

What to do after a breach: notifications, containment, and updates

Breach notification steps and timelines

Once a breach is confirmed, the clock starts ticking. Most data protection laws require organizations to notify regulators and affected individuals within strict timelines:

  • GDPR (EU): 72 hours from becoming aware to notify the supervisory authority; affected individuals must be told without undue delay when the breach is likely to pose a high risk to them.
  • HIPAA (US healthcare): 60 days from discovery to notify affected individuals; breaches affecting 500+ people must also be reported to HHS within the same window and, for 500+ residents of one state, to prominent media outlets.
  • State data breach laws (US): vary, but many mandate disclosure “without unreasonable delay,” and several set hard deadlines of 30 to 60 days.

Notification isn’t just a compliance exercise — it’s also about maintaining trust. Clear communication should include: what data was exposed, when it happened, what actions are being taken, and what steps individuals can take to protect themselves. Silence or delay often does more reputational harm than the breach itself.

Data security controls to prioritize now

Containment is step one, but prevention of the next incident starts immediately. The latest data breaches of 2025 repeatedly show weak points in three areas:

  • Identity and access: Require MFA across all critical systems, monitor for credential reuse, and review privileged accounts.
  • Third-party oversight: Audit vendor security practices, enforce least privilege, and continuously monitor external integrations.
  • Resilience: Test backups, segment networks, and validate that data recovery actually works.
  • Threat intelligence integration: Monitor for leaked credentials, stolen data, or malware chatter tied to your sector.

Think of these as the “minimum viable controls” organizations need to deploy before the next breach makes headlines.

Lessons learned from the latest incidents

Every breach carries a lesson — and the 2025 cases are no exception:

  • AT&T’s Snowflake breach (2024) reminds us that cloud doesn’t eliminate risk; it simply shifts the security boundary.
  • Allianz Life (2025) highlights how third-party vendors can become the weakest link in highly regulated sectors.
  • Yale New Haven Health (2025) proves that advanced persistent threats (APTs) still exploit stolen credentials and move silently across networks.
  • McLaren Health Care (2025) and Evolution Mining (2024) underscore that ransomware is as much about exfiltration and extortion as it is about encryption.

For IT and security leaders, the takeaway is clear: breaches are unavoidable, but impact is manageable when notification, containment, and layered defenses are in place.

How to reduce risk (checklist)

Even with breaches making headlines every week, organizations and individuals can significantly reduce exposure with a few non-negotiable controls:

  1. Enable multi-factor authentication (MFA) across critical systems.
  2. Patch and update operating systems, apps, and firmware on schedule.
  3. Encrypt sensitive data at rest and in transit (AES for bulk data, TLS for communication).
  4. Audit third-party vendors for security posture and contractual compliance.
  5. Train employees to recognize phishing and social engineering.
  6. Segment networks to contain breaches and limit lateral movement.
  7. Develop an incident response plan and test it with tabletop exercises.
  8. Back up data regularly and verify restoration works under pressure.
  9. Leverage threat intelligence feeds to monitor leaked credentials or dark web chatter.
  10. Prepare transparent breach communications — speed and honesty protect trust.

This checklist is designed to be immediately actionable, mapping directly to the vulnerabilities we saw in the 2025 cases.

FAQ: recent & latest data breaches (2025)

What are the most recent data breaches in 2025?

Major incidents so far include Allianz Life (insurance, Aug 2025), Co-op UK / Azpiral (retail, Jul 2025), Episource and McLaren Health Care (healthcare, Jun 2025), and Yale New Haven Health (healthcare, Mar 2025). Each exposed millions of sensitive records, underscoring systemic risks in finance, retail, and healthcare.

What is the biggest data breach in 2025 so far?

By individuals affected, the largest entries on this list are Co-op UK (6.5M loyalty members, Jul 2025), Yale New Haven Health (5.5M patients, Mar 2025), and Episource (5.4M individuals, Jun 2025). The Allianz Life incident (Aug 2025, ~1.1M) is smaller by headcount but notable for the financial data involved and for the regulatory exposure of the insurance sector. The TXTBASE stealer logs (284M emails) dwarf all of them, but that dataset is an aggregation of malware-harvested data rather than a single organization's breach.

How are data breaches different from cyberattacks?

A cyber threat or attack can involve disruption, fraud, or ransomware without confirmed exposure of records. A data breach specifically involves the unauthorized access, theft, or leakage of sensitive data (e.g., customer information, financials, PHI).

What are the main causes of the latest data breaches?

Patterns include stolen or phished credentials, third-party vendor compromises, unpatched systems, and ransomware with data exfiltration. These root causes have remained consistent across multiple 2025 cases.

How can organizations prevent future breaches?

Best practices include MFA, encryption, patch management, vendor risk audits, employee training, network segmentation, backups, and a tested incident response plan. Leveraging threat intelligence to detect emerging vulnerabilities is also crucial.

Where can I check if my data was exposed in a recent breach?

Individuals can use services like Have I Been Pwned or follow official breach notifications from companies and regulators. For organizations, monitoring the dark web and credential dumps through security platforms provides early warning.
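Have I Been Pwned's Pwned Passwords service can be queried without ever sending the password: the client hashes it, sends only the first five hex characters of the SHA-1, and matches the remaining 35 characters locally against the returned range (k-anonymity). The following is an added example for this article, not code from Prey or HIBP. The endpoint (`https://api.pwnedpasswords.com/range/<prefix>`) and the `SUFFIX:COUNT` line format are HIBP's documented API; the range body below is constructed (invented suffixes and counts, with one real SHA-1 tail) so the check runs offline. Breached-account lookups by email address are a separate, API-key-gated HIBP service and are not shown.

```python
"""Check a password against Have I Been Pwned's Pwned Passwords using the
k-anonymity range API, so the password itself never leaves the machine.

Added example for this article; not code from Prey or HIBP. The endpoint and
the "SUFFIX:COUNT" response format are HIBP's documented API; the range body
below is constructed so the example runs offline.
"""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for the response to /range/5BAA6. The third suffix is
# the real SHA-1 tail of the string "password"; the other suffixes and all of
# the counts are invented. A count of 0 is what HIBP's Add-Padding entries look like.
CONSTRUCTED_RANGE_5BAA6 = """\
003D68EB55068C33ACE09247EE4C639306B:3
012C192B2F16F82EA0EB9EF18D9D539B0DD:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E4C9B93F3F0682250B6CF8331B7EE68FD9:0
"""


def sha1_prefix_suffix(password: str):
    """Split the uppercase hex SHA-1 into the 5-char prefix sent to HIBP and
    the 35-char suffix that is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; padding rows carry 0."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Network fetch of one range. Only the 5-char prefix is transmitted;
    Add-Padding asks HIBP to pad responses so their size does not reveal which
    range was requested. Not called by the offline demo or the test."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "breach-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def offline_fetch(prefix: str) -> str:
    """Constructed fetcher that only knows the 5BAA6 range (offline use)."""
    return CONSTRUCTED_RANGE_5BAA6 if prefix == "5BAA6" else ""


def pwned_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in HIBP's corpus (0 = not found).
    `fetch` is injectable so the same logic runs against a stored range."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(repr(pw), "->", pwned_count(pw, fetch=offline_fetch))
```

For an organization, the same function fits naturally into a password-change handler or a periodic audit: reject or flag any password whose count is non-zero, and because only a hash prefix ever crosses the wire the check can run against production credentials without creating a new place where plaintext passwords are handled.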
