Topics
late
AI
Amazon
Image Credits:Getty Images
Apps
Biotech & Health
clime
Image Credits:Getty Images
Cloud Computing
mercantilism
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
punt
Government & Policy
computer hardware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
societal
quad
inauguration
TikTok
Transportation
Venture
More from TechCrunch
outcome
Startup Battlefield
StrictlyVC
newssheet
Podcasts
telecasting
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
We ’re barely a couple of months into 2025 , but this year has already seen several data point breaches affecting the personal information of one thousand thousand of individuals , including everything from student record to phone data point to sensitive health information .
Last year , 2024 , sawmore than 1 billion records stolen . If the first two months of this year are anything to go by , 2025 look to be an unprecedented year for information breaches .
PowerSchool breach likely affects tens of millions of students and teachers
The falling out of edtech whale PowerSchool is one of the bountiful breach of student data in late history . While we still do n’t know precisely how many records were steal ( PowerSchool has repeatedly refused to disclose this name ) , theme claim that the breach affected more than 62 million educatee and 9.5 million teachers in the United States .
PowerSchool , which provides K-12 software to more than 18,000 schooling across North America , first disclosed the data breachin January . At the time , PowerSchool said that unnamed hackers used a single compromised credential to get into its client support portal , granting memory access to the wealth of data point in its schoolhouse selective information organisation , PowerSchool SIS , which school use to manage pupil criminal record .
The hack accessed sensitive personal entropy , including pupil ’ grades , medical information , and Social Security number . Multiple schools affect by the falling out have told TechCrunch that other highly sensitive information , includinghighly sensitive scholar datum , include information about restraining guild , was accessed .
PowerSchool has n’t confirmed or denied the report 62 million figure , butvarious filingshave confirmed that meg of multitude were move by the severance . A filing with the Texas lawyer general uncover that well-nigh 800,000 body politic occupant had their data stolen , while the Rochester City School District confirm that 134,000 students are affected .
PowerSchool recently confirmed to TechCrunch thataround 16,000 people in the United Kingdom also had data point stolenin the breach .
Musk’s DOGE access represents a huge compromise of U.S. federal government data
The first few week of the Trump administration go out a different sort of breach — and one that will likely go down in history as thelargest ever via media of U.S. government data .
Individuals working for Elon Musk , who is behind the Trump administration ’s Department of Government Efficiency , or DOGE , ingest control of top federal section and datasets to get at immense troves of sensitive Union information . DOGE — made up ofmostly secret - sphere employees from Musk ’s own line of work — seized wide memory access to the U.S. government ’s critical payment system of rules containing the personal information of millions of Americans and creditworthy for disbursing zillion of dollars every year .
Since then , a fusion of more than a dozen U.S. states havefiled a lawsuitto block Musk ’s squad of cost - cutters from get at administration systems that hold the personal data of Americans . More than 100 current and former federal officials have also sued Musk ’s DOGE agencyfor accessing the sensitive personnel record of Americans without right authorization .
Hacker stole a million patient records from nonprofit Community Health Center
Community Health Center ( CHC ) , a Connecticut - based nonprofit healthcare supplier , order in January that ahacker had accessed the sensitive data of more than a million patient .
CHC , which provides such overhaul as school - based health care and substance abuse programs , sound out that the unnamed hacker compromised its connection on January 2 to steal patients ’ personal data and raw wellness info . This data include patients ’ addresses , phone numbers , diagnoses , treatment details , examination resultant , Social Security number , and wellness insurance entropy .
Stalkerware apps Cocospy, Spyic, and Spyzie expose phone data of millions of people
A trio of stalkerware apps exposed the personal data of millions of people who inadvertently have them engraft on their equipment , a security researcher revealed to TechCrunchin February .
The three apps — Cocospy , Spyic , andSpyzie — all share the same security exposure that allows anyone to get at the personal information , including messages , picture , and call logs , from machine that have the apps install , typically without the twist owner ’s knowledge .
The easy - to - overwork bug also disclose the e-mail name and address of the people who sign up up for the stalkerware apps . That allowed a security measure researcher to scratch up the email address of around 3.2 million e-mail addresses of Cocospy , Spyic , and Spyzie customer , which was provided to infract presentment internet site Have I Been Pwned .
U.S. employee screening service DISA confirms breach affecting over 3 million people
DISA , a Texas - base provider of employee screening services , include drug and intoxicant tests and background checks , confirmed in February a massive data breach that happened almost a year in the first place in April 2024 .
In a filing with Maine ’s attorney general , DISA said the breach touch on more than 3.3 million peoplewho had undergo employee screening tests . While the companionship said its internal probe “ could not definitively close ” what specific data point was steal , a separate filing in the commonwealth of Massachusetts support that Social Security issue , financial selective information , and government - issued identity document are among the stolen data .
DISA find fault the breach on an unidentified drudge , who had accession to a portion of the troupe ’s net for more than two months before they were noticed .
