
Top 15 Data Breaches of 2025 and Their Financial Impacts

In 2024, data breaches reached unprecedented levels, with the global average cost soaring to $4.88 million—a 10% increase from the previous year.


Cyberattacks in 2025 exposed serious security lapses across industries, often triggered by internal mistakes. According to the Verizon Data Breach Investigations Report (DBIR) 2025, human error directly caused 60% of all breaches, making it the single largest driver of successful attacks.

At the same time, Business Email Compromise (BEC) attacks surged to record highs, with global losses reaching $6.3 billion and a median loss of $50,000 per incident, showcasing the growing cost of social engineering and poor email hygiene.

In this blog, we’ll break down the top 15 data breaches of 2025, explaining how each incident unfolded, what went wrong, and the financial impact left behind. Each case offers clear lessons for security leaders looking to close critical gaps before attackers exploit them.

What Is a Data Breach?

A data breach occurs when an unauthorized party gains access to sensitive information, such as customer data, financial records, or employee credentials, without permission. Once accessed, this information is often sold on the dark web, leaked publicly, or used for identity theft, fraud, or corporate espionage.

These incidents aren’t limited to large enterprises. From startups to Fortune 500 companies, every organization is vulnerable. Breaches typically happen due to weak passwords, unpatched software, misconfigured systems, or phishing attacks that trick users into giving away access.

Think your data isn’t valuable? Cybercriminals often start small. A single compromised password can serve as a gateway to entire networks—turning personal or business accounts into high-value targets.

Why Do Data Breaches Occur?

Data breaches continue to escalate because attackers exploit both technical vulnerabilities and human mistakes. As organizations digitize more operations and manage larger volumes of sensitive data, the attack surface expands—and many fail to secure it adequately.

Here are the most common causes behind a data breach:

  • Human Error: Employees fall for phishing attacks, use weak or reused passwords, or mishandle confidential data. These missteps account for a majority of security incidents.
  • Outdated Security Systems: Unpatched software, legacy infrastructure, and poor system configurations make it easy for attackers to slip in undetected.
  • Malware and Ransomware: Threat actors deploy malicious code to steal data, disrupt operations, or extort businesses—often bypassing traditional defenses.
  • Insider Threats: Breaches aren’t always external. Contractors or disgruntled staff with privileged access can leak or sabotage critical information.
  • Targeted Cyberattacks: Sectors like healthcare, finance, and education are frequent targets due to the high value of their records, making them prime candidates for targeted exploits.

Even a single unpatched system or careless click can escalate into a full-scale data breach—making proactive defense not optional, but critical.

Top 15 Data Breaches of 2024 - 2025

From stolen customer data to massive ransomware payouts, these breaches left a trail of financial and reputational damage. Let’s take a closer look at the ten biggest breaches of the year and the costly lessons they taught us.

1. National Public Data Breach

In August 2024, National Public Data (NPD) confirmed a breach that compromised sensitive information, including Social Security numbers, impacting nearly all Americans. The breach has led to multiple lawsuits alleging negligence and fiduciary breaches.

While the exact financial impact on NPD is not publicly detailed, the breach exposed sensitive information of approximately 2.9 billion individuals, resulting in significant costs related to legal actions, regulatory fines, and remediation efforts.

Picture 1: National Public Data breach posted to BreachForums on August 6, 2024.

2. UnitedHealth Group Ransomware Attack

UnitedHealth Group faced a massive ransomware attack in early 2024, compromising the private data of over 100 million individuals. The company paid the hackers a $22 million ransom, though additional threats may have led to a second ransom payment.

Picture 2: UnitedHealth Group faced a massive ransomware attack in early 2024

3. Snowflake Data Breach

Starting in April 2024, more than 100 customers of Snowflake, Inc., were targeted in a mass data breach campaign. Hackers accessed and stole vast amounts of sensitive customer data, including billions of call records. The breach has been described as one of the largest data breaches ever.

Picture 3: More than 100 Snowflake customers were targeted in a mass data breach campaign in 2024.

4. AT&T Data Breach

In April 2024, hackers affiliated with the ShinyHunters group breached AT&T Wireless, stealing data on over 110 million customers. In May, AT&T paid a $370,000 ransom to one of the group's members to delete the data.

Picture 4: Hackers linked to the ShinyHunters group infiltrated AT&T Wireless, compromising the data of more than 110 million customers.

5. Ticketmaster Data Breach

Hackers working with ShinyHunters claimed responsibility for breaching Ticketmaster in 2024, leaking alleged Taylor Swift tickets, and amplifying extortion efforts. The breach involved the theft of event ticket barcodes for nearly all concert events in 2024.

Though the exact costs are not fully disclosed, notable financial impacts include:

  • Stock Price Decline: Following the breach announcement, Live Nation, Ticketmaster's parent company, experienced a drop in stock value.
  • Class Action Lawsuits: Ticketmaster faces multiple class action lawsuits seeking damages of at least $5 million for affected users, plus legal fees and costs.
  • Regulatory Fines: While specific fines for the 2024 breach have not been reported, in a previous incident, the UK's Information Commissioner's Office fined Ticketmaster £1.25 million for a 2018 data breach, indicating the potential for substantial penalties.
  • Remediation Expenses: The company has offered free identity monitoring services to victims as part of its effort to mitigate potential harm.
Picture 5: Ticketmaster Data Breach - Costs undisclosed, but it caused financial impacts like lawsuits, fines, and remediation expenses.

6. Santander Data Breach

On May 30, 2024, Santander was breached by ShinyHunters, resulting in the hacking of data belonging to all Santander staff and '30 million' customers in Spain, Chile, and Uruguay.

The exact financial impact of the 2024 Santander data breach has not been publicly disclosed. However, the breach was significant. The hacker group ShinyHunters claimed responsibility and allegedly offered the stolen data for sale on the dark web for $2 million.

Picture 6: Santander breach was significant, affecting approximately 30 million customers and all current employees.

7. Change Healthcare Ransomware Attack

In 2024, Change Healthcare, a major healthcare technology company, fell victim to a devastating ransomware attack carried out by the ALPHV/BlackCat cybercriminal group. The breach impacted sensitive data belonging to over 100 million individuals, marking it as one of the most significant ransomware incidents of the year.

The attackers successfully infiltrated the company's systems, encrypting critical data and disrupting operations. The compromised information reportedly included personal details, medical records, and billing information, making it a highly sensitive and consequential breach for those affected.

Faced with mounting pressure to restore their operations and protect the exposed data, Change Healthcare opted to pay a ransom of $22 million to the hackers. This decision sparked significant controversy, as it not only underscored the vulnerability of even major corporations to sophisticated cyber threats but also highlighted the ethical dilemmas surrounding ransom payments in such scenarios.

In addition to the ransom payment, Change Healthcare incurred substantial costs related to forensic investigations, system recovery, legal fees, regulatory fines, and customer remediation efforts. The breach also led to significant reputational damage, potentially eroding trust among customers and stakeholders in the healthcare industry.

Picture 7: The Change Healthcare ransomware attack impacted sensitive data belonging to over 100 million individuals.

8. T-Mobile Data Breach

In 2024, T-Mobile entered into a $31.5 million settlement agreement with the Federal Communications Commission (FCC) to address a series of data breaches that had exposed the sensitive information of millions of its customers. The settlement followed a comprehensive FCC investigation into T-Mobile's cybersecurity practices, which uncovered lapses that contributed to unauthorized access to customer data.

Picture 8: T-Mobile data breach marked one of the largest regulatory settlements for data breaches in 2024

The breaches, spanning multiple incidents, compromised a wide range of sensitive information, including customer names, addresses, phone numbers, account numbers, and in some cases, Social Security numbers. The exposure of this data not only posed significant privacy risks but also left affected customers vulnerable to identity theft and fraud.

As part of the settlement, T-Mobile agreed to implement enhanced security measures to mitigate future risks. These measures included improving encryption protocols, bolstering network monitoring systems, conducting regular penetration testing, and providing additional employee training on data security best practices. T-Mobile also committed to offering identity theft protection services to affected customers as part of its remediation efforts.

9. Bridgeway Center Data Breach

In 2024, Bridgeway Center faced a significant lawsuit over allegations of failing to safeguard consumer information during a cyberattack. The breach exposed sensitive personal data, sparking legal actions from affected individuals.

Picture 9: In 2024, Bridgeway Center faced a lawsuit for allegedly failing to adequately protect consumer data during a cyberattack

As part of the resolution, a multi-million-dollar settlement was reached, allowing affected parties to claim compensation of up to $7,500 each, depending on the severity of their impact. The settlement aimed to address damages caused by the breach, including potential identity theft, financial losses, and emotional distress.

10. Comcast Data Breach

In October 2024, Comcast disclosed a data breach impacting the personal information of over 237,700 customers. The breach, originating from a ransomware attack on Financial Business and Consumer Solutions (FBCS), a former debt collection agency partner, exposed sensitive details, including names, addresses, Social Security numbers, dates of birth, and Comcast account numbers. The attack occurred in February 2024, but Comcast only became aware of its full impact in July after updated findings from FBCS.

Picture 10: In October 2024, Comcast revealed a data breach that compromised the personal information of more than 237,700 customers.

The financial repercussions of the breach are significant, though exact figures remain undisclosed. Comcast is offering affected customers 12 months of complimentary identity theft protection, which adds to legal expenses, potential regulatory fines, and operational costs. The breach also raises concerns about reputational damage, customer trust, and the financial burden of managing fallout from the compromised data.

In response, Comcast has taken steps to notify impacted customers, provide identity theft protection, and review its cybersecurity policies, particularly regarding third-party vendors. This breach highlights the critical importance of maintaining robust data security measures and enforcing stricter controls over data retention practices with external partners.

11. PowerSchool Data Breach

In January 2025, PowerSchool, a leading provider of K-12 educational software, disclosed a breach affecting over 62 million students and 9.5 million teachers across North America. Hackers exploited a single compromised credential to access the company's customer support portal, leading to the exposure of sensitive information, including grades, medical records, and Social Security numbers. The breach has raised serious concerns about data security in educational institutions.

12. Frederick Health Ransomware Attack

On January 27, 2025, Frederick Health Medical Group experienced a ransomware attack compromising the personal data of approximately 934,326 individuals. The stolen information included names, addresses, Social Security numbers, medical record numbers, and health insurance details. While the responsible party has not been identified, the healthcare provider offered free credit monitoring and identity theft protection to those affected.

13. Yale New Haven Health Data Breach

In March 2025, Yale New Haven Health reported a data breach impacting about 5.6 million patients. Unauthorized access to a network server exposed demographic data such as names, dates of birth, contact information, and medical record numbers. Although financial and sensitive medical data were reportedly unaffected, the incident has led to multiple federal lawsuits alleging negligence in data protection.

14. Scale AI Data Exposure

In June 2025, Scale AI inadvertently exposed sensitive data of major clients, including Meta, Google, and Elon Musk’s xAI, by publicly sharing confidential Google Docs. The documents contained project details, training data, and personal information about contractors. Although no external breach was confirmed, the incident highlighted vulnerabilities in data handling practices within AI development firms.

15. Bank Sepah Cyberattack

In March 2025, Iranian state-owned Bank Sepah suffered a significant cyberattack by the hacker group "Codebreakers," who claimed to have stolen 12 terabytes of data, including information on 42 million customers. The hackers demanded a $42 million ransom, which the bank refused to pay. Subsequently, portions of the data, including details of high-ranking military officials, were leaked online, causing public outrage and exposing vulnerabilities in Iran's financial infrastructure.

How Keepnet Helps to Mitigate Risk of Data Breaches

Keepnet provides a comprehensive, proactive approach to mitigating data breach risks by addressing both the technical and human elements of cybersecurity. By empowering employees, detecting vulnerabilities, and responding to threats in real time, Keepnet minimizes the likelihood and impact of data breaches.

Proactive Security Awareness Training

Human error remains one of the leading causes of data breaches. Keepnet’s security awareness training reduces this risk by educating employees to recognize phishing attempts, unsafe behaviors, and suspicious activity. Key features include:

  • Behavioral Risk Mitigation: Identifies and addresses risky user actions that could lead to data exposure.
  • Customizable Content: Tailored training modules align with organizational needs and cover scenarios most relevant to data breach prevention.
  • Automated Training Programs: Continuous learning ensures employees stay vigilant against evolving threats.

Phishing Simulations to Reduce Entry Points

Data breaches often start with phishing attacks. Keepnet’s phishing simulation tools create real-world scenarios to help employees recognize and avoid phishing attempts. These simulations include email, SMS, voice phishing, and multi-factor authentication phishing, ensuring comprehensive protection against attacks that lead to breaches.

Incident Response and Forensic Analysis

If a data breach occurs, Keepnet’s incident response tool provides rapid containment and analysis to limit damage. The platform integrates with sandboxing, antivirus, and threat intelligence tools to detect and neutralize threats early. SOAR integrations automate response workflows, reducing attacker dwell time and preventing further exploitation.

Threat Sharing and Threat Intelligence Platform

Keepnet's Threat Sharing Platform helps you find data on malicious indicators linked to data breaches, such as compromised credentials or malware signatures. In addition, the Threat Intelligence platform performs breach analysis, helping organizations identify exposed accounts or data vulnerabilities and take preemptive action to mitigate further risks.

By combining employee training, phishing simulations, threat intelligence, and incident response, Keepnet delivers a holistic solution to mitigate data breach risks and safeguard sensitive information across an organization.

Editor's Note: This article was updated on June 26, 2025.
