Introduction
It’s already been a busy year for cyber-crime. Ransomware fees average at record highs. Artificial intelligence speeds the creation and hones the efficiency of malware attacks. The average data breach now costs over $5M.
What kind of threats are causing the most trouble right now? How can we protect ourselves from similar cyberattacks?
PowerSchool Data Breach
On December 28 of 2024, cloud-based educational software provider, PowerSchool, suffered a significant data breach which they disclosed on January 7, 2025.
The breach affected over 70M individuals, including 62.4M students and 9.5M teachers. Hackers accessed the system using stolen credentials and extracted data from PowerSIS databases. Compromised data included personal information such as grades, medical information, and Social Security numbers.
What did they do to help remediate some of the damage? PowerSchool offered two years of free identity theft protection and credit monitoring to those affected by the data breach.
If you receive notification that your private information has been compromised in a larger data breach, take immediate action. The faster you react to an incident, the faster you can jumpstart remediation tactics. Change your username and passwords, as well as any other website that shares though credentials. Use a secure, encrypted password manager to help generate and store unique, complex credentials for each and every account you create!
WhatsApp Spyware Hack
In early 2025, Meta confirmed a sophisticated zero-click attack on WhatsApp users. The attack was carried out using spyware called Graphite, which was developed by Israel-based Paragon Solutions. It targeted around 90 high-risk users, including journalists and civil society members.
What does “zero-click” mean? In this type of attack, hackers do not interact with the victim; hence there are zero-clicks between them. Instead, they embed the malware within one-time requests, attachments and downloads, social media and SMS messages, and even phone calls. This is just one of many reasons why you should not pick up unknown calls, answer random texts, or download unsolicited files!
In this case, the Graphite spyware gained full access to a compromised device, thereby allowing attackers to read encrypted messages, monitor calls, and track locations. Meta has since issued a cease and desist letter to Paragon Solutions and is exploring further legal action.
U.S. Department of Defense Credentials Stolen
In 2025, hundreds of credentials belonging to United States DoD personnel were found for sale on the Dark Web. This breach highlights the rising threat of credential-based attacks, which have surged by 442% in the second half of 2024.
High-profile attacks like this are particularly worrisome for the victims. Stolen government credentials could allow adversaries to access critical networks and compromise additional systems. Affected users were advised to update their passwords immediately and conduct forensic investigations to determine the extent of the breach.
Instances like these demonstrate exactly why Dark Web Monitoring software (like ours) is so important for a robust cyber-defense. Continuous monitoring of the dark marketplace allows for instant, automatic notification when your PII is found up for sale! When your personal information has been exposed, time is quite literally of the essence. You want to react quickly to change your credentials, monitor your credit and re-secure your accounts
Mars Hydro IoT Records Exposure
Mars Hydro, a Chinese manufacturer of IoT-enabled grow lights, experienced a massive data breach in February 2025. An unprotected database exposed 2.7B records, including user information, device logs, network details, and cloud API data. This breach left millions of smart devices vulnerable to hacking, which allowed attackers to manipulate grow lights remotely, gain access to home networks, and track user behaviors online.
The database has since been secured, but the lack of immediate transparency raises concerns about potential long-term consequences for affected users. This breach demonstrates why it’s important to be open and honest in a breach scenario. Data leaks can affect trust and reputation deeply, and it’s likewise important to do your research and place your trust (and PII) in brands with good reputations and a history of trustworthiness and honesty.
We can’t avoid data breaches in our modern age of global interconnection. What’s more important is being open about cyber events and reassuring consumers about all the steps being taken to remediate the incident.
Conclusion
Cyberattacks occur every 39 seconds. The chances of you being directly involved in a data breach, or your information being involved in a larger leak, are high with today’s threat tactics and tools. Keeping up-to-date with changing best practices will help you stay more cyber-safe on a daily basis.
The biggest cyberattacks we’ve experienced this year are reflective of the largest threats against us today. Stay aware, and stay cybersecure!
The post Biggest Data Breaches of 2025 (So Far) appeared first on .