Major Data Breaches & Hacking News in January 2025

Description: Chrome extensions are small software programs that customize the Google Chrome browser.

Breach Size: 380,000 people

Data Exposed: A recent wave of cyberattacks has targeted popular Chrome extensions, compromising user data on a large scale. At least five extensions were hijacked through a coordinated effort by threat actors injecting malicious code designed to steal sensitive information. The attack began with a phishing scam that tricked an administrator into granting access to the Google Chrome Store, allowing hackers to publish a compromised version of the Cyberhaven extension. Although Cyberhaven's team detected and removed the malicious version within an hour, other compromised extensions — including Bookmark Favicon Changer, VidHelper, and ChatGPT Assistant — have collectively affected nearly 380,000 people.

Organization Description: Cariad is an automotive software company for Volkswagen Group based in Germany.

Breach Size: 800,000 electric vehicles

Data Exposed: Cariad inadvertently left the sensitive data of 800,000 electric vehicles and their owners exposed online, creating a privacy nightmare. The data, stored unprotected in Amazon cloud storage, included precise geolocation details for 460,000 cars along with customer names and personal information. With minimal technical effort, hackers were able to track vehicle movements and access sensitive details for Volkswagen, Audi, Seat, and Skoda cars. Among the affected were police patrol cars in Hamburg, Germany, and even vehicles tied to intelligence service employees and German politicians.

Organization Description: American Addiction Centers, Inc. is a leading provider of addiction treatment services across the U.S.

Breach Size: 422,424 people

Data Exposed: In a high-profile cybersecurity breach, American Addiction Centers (AAC), fell victim to a ransomware attack by the notorious Rhysida group. First identified in September 2024, the breach was later confirmed to have compromised sensitive information, including names, addresses, dates of birth, Social Security numbers, health insurance details, and even medical record identifiers. With 422,424 individuals affected, this incident underscores the growing threat of ransomware attacks targeting health care providers.

Organization Description: Green Bay Packers Store is an official Pro Shop online retail store.

Breach Size: 8,514 people

Data Exposed: The Green Bay Packers, an iconic franchise in the National Football League (NFL), recently disclosed a data breach that compromised the credit card information of 8,514 customers. Cybercriminals hacked the team’s official online retail store in a September 2024 incident. Upon being notified of the breach in October 2024, the Packers swiftly disabled checkout and payment capabilities to mitigate further damage. While details were sparse in breach notification letters sent to affected customers, documents were filed with legal authorities confirming the extent of the impact.

Organization Description: Medusind is a leading billing provider for health care organizations.

Breach Size: 360,964 people

Data Exposed: Medusind has disclosed a significant data breach that compromised the personal and health information of over 360,000 individuals. Despite detecting suspicious activity on its network in December 2023, the Miami-based company — which operates in 12 locations across the U.S. and India — recently notified affected individuals.