We are only a few months into 2025, and already, the year has witnessed multiple data breaches that have compromised the personal information of millions of individuals, encompassing a wide range of data including student records, phone data, and sensitive health information.

In 2024, there were over 1 billion records stolen in data breaches. Given the trend in the first two months of 2025, it appears that this year could set a new record for the number of data breaches.

PowerSchool Breach Likely Impacts Tens of Millions of Students and Teachers

One of the most significant data breaches in recent history is that of PowerSchool, a leading edtech company. Although the exact number of stolen records remains undisclosed by PowerSchool, reports indicate that the breach may have affected over 62 million students and 9.5 million teachers in the United States.

PowerSchool, which serves over 18,000 schools across North America with its K-12 software, first announced the data breach in January. According to the company, the breach occurred when hackers utilized a single compromised credential to gain access to its customer support portal, thereby obtaining access to the extensive data within its school information system, PowerSchool SIS, which is used by schools to manage student records.

The hackers gained access to sensitive personal information, including students’ grades, medical information, and Social Security numbers. Multiple schools affected by the breach have informed TechCrunch that additional highly sensitive information, such as details about restraining orders, was also accessed.

While PowerSchool has neither confirmed nor denied the reported figure of 62 million affected individuals, various filings have confirmed that millions of people were impacted by the breach. For instance, a filing with the Texas attorney general revealed that nearly 800,000 state residents had their data stolen, and the Rochester City School District confirmed that 134,000 students were affected.

PowerSchool has recently confirmed to TechCrunch that approximately 16,000 individuals in the United Kingdom also had their data stolen in the breach.

Musk’s DOGE Access Represents a Huge Compromise of U.S. Federal Government Data

During the initial weeks of the Trump administration, a different type of breach occurred, which is likely to be recorded as the largest ever compromise of U.S. government data.

Individuals working for Elon Musk, who is behind the Trump administration’s Department of Government Efficiency, or DOGE, took control of top federal departments and datasets to access vast amounts of sensitive federal data. DOGE, comprised primarily of private-sector employees from Musk’s businesses, gained wide access to the U.S. government’s critical payment systems containing the personal information of millions of Americans and responsible for disbursing trillions of dollars annually.

Subsequently, a coalition of more than a dozen U.S. states has filed a lawsuit to block Musk’s team from accessing government systems that contain the personal data of Americans. Furthermore, over 100 current and former federal officials have sued Musk’s DOGE agency for accessing sensitive personnel records without proper authorization.

Community Health Center, a nonprofit healthcare provider based in Connecticut, announced in January that a hacker had accessed the sensitive data of over a million patients.

The hacker compromised the network of Community Health Center on January 2, stealing patients’ personal data and sensitive health information, including addresses, phone numbers, diagnoses, treatment details, test results, Social Security numbers, and health insurance information.

Stalkerware Apps Cocospy, Spyic, and Spyzie Expose Phone Data of Millions of People

A security researcher revealed to TechCrunch in February that three stalkerware apps had exposed the personal data of millions of people who unknowingly had these apps installed on their devices.

The three apps, Cocospy, Spyic, and Spyzie, share a common security vulnerability that allows anyone to access personal data, including messages, photos, and call logs, from devices with the apps installed, often without the device owner’s knowledge.

The vulnerability also exposes the email addresses of individuals who signed up for the stalkerware apps, enabling a security researcher to collect around 3.2 million email addresses of Cocospy, Spyic, and Spyzie customers, which were then provided to the breach notification site Have I Been Pwned.

U.S. Employee Screening Service DISA Confirms Breach Affecting Over 3 Million People

DISA, a Texas-based provider of employee screening services, confirmed in February a massive data breach that occurred almost a year earlier in April 2024.

In a filing with Maine’s attorney general, DISA stated that the breach affected more than 3.3 million people who had undergone employee screening tests. Although the company’s internal investigation was unable to definitively conclude what specific data was stolen, a separate filing in Massachusetts confirms that Social Security numbers, financial information, and government-issued identity documents are among the stolen data.

DISA attributed the breach to an unidentified hacker who had access to a portion of the company’s network for over two months before being detected.