Image
February 25, 2025

Major Data Breaches & Hacking News in February 2025


February 27, 2025
In an era where data breaches are growing at an alarming rate, no industry is safe from cybercriminals. Health care breaches have become more and more common, with organizations being targeted for their sensitive medical data. The recent breaches at UnitedHealth, Community Health Center, NorthBay, and Hospital Sisters Health System are an example of these major cyberattacks. Plus, additional recent breaches at Globe Life, Scholastic, and Wolf Haldenstein Adler Freeman & Herz LLP are proof that your sensitive information could be at risk at any moment and no industry is immune. The question isn’t if your data will be compromised — it’s when. Let’s take a closer look at these breaches and why securing your identity has never been more urgent.

Icon
UnitedHealth

Organization Description: UnitedHealth is the largest health care company in the world by revenue, offering health insurance and health care services.

Breach Size: 190 million people

Data Exposed: UnitedHealth has confirmed a massive data breach affecting 190 million Americans, making it the largest health care data breach in U.S. history. The attack targeted Change Healthcare, a subsidiary of UnitedHealth, in a devastating ransomware incident that exposed data including health insurance and medical records, billing and payment details, phone numbers, addresses, and Social Security numbers.


Icon
Community Health Center 

Organization Description: Community Health Center is a nonprofit health care organization providing primary medical, dental, and mental health services.

Breach Size: 1,060,936 people

Data Exposed: Stealing personal and health information from 1,060,936 patients, a skilled hacker infiltrated Community Health Center’s systems. This information includes sensitive details like names, birth dates, addresses, phone numbers, emails, and Social Security numbers. However, it doesn’t stop there. They also stole health information including medical diagnoses, treatment details, test results, and health insurance.


Icon
NorthBay Healthcare Corporation

Description: NorthBay Healthcare Corporation, a nonprofit health care system that operates two hospitals — NorthBay Medical Center & NorthBay VacaValley Hospital — and multiple primary care locations in California.

Breach Size: 569,012 people

Data Exposed: NorthBay Healthcare recently announced a massive breach, revealing that 569,012 individuals had their personal and medical information exposed in a cyberattack that went unnoticed for months. The stolen data includes names, birth dates, Social Security numbers, passport and driver’s license information, medical and health insurance data, financial account details, and credit/debit card information including PINs and security codes.


Icon
Hospital Sisters Health System

Organization Description: Hospital Sisters Health System, or HSHS, is a nonprofit health care system that operates hospitals and health care facilities in Illinois and Wisconsin

Breach Size: 882,782 people

Data Exposed: A massive data breach exposed the personal and health information of 882,782 individuals. The cyberattack disrupted computer systems, phone lines, and patient portals for days, preventing online payments and access to medical records. Stolen data included names, Social Security numbers, medical record numbers, and insurance details. While no confirmed fraud cases have been reported, patients received scam calls and emails posing as HSHS representatives.


Icon
Globe Life

Organization Description: Globe Life is one of the largest providers of life and health insurance plans in the United States.

Breach Size: 850,000 people

Data Exposed: Globe Life has concluded its investigation into a data breach that occurred in June 2024, revealing that the incident may have impacted an additional 850,000 customers — a significant increase from the initial estimate of about 5,000 individuals. The recent findings confirmed that the June 2024 cyberattack may have exposed highly sensitive information, including Social Security numbers, health data, and insurance details.


Icon
Scholastic Corporation

Organization Description: Scholastic Corporation is a multinational publishing, education, and media company.

Breach Size: 8 million people

Data Exposed: The personal data of 8 million people including parents, teachers, and students has been exposed during a recent data breach. The stolen information includes names, emails, phone numbers, and addresses, as well as over 1 million education contacts tied to schools. While the hacker claims the breach was “for fun” and assures that the data won't be published, its authenticity has been confirmed.


Icon
Wolf Haldenstein Adler Freeman & Herz LLP

Organization Description: Wolf Haldenstein Adler Freeman & Herz LLP is an American law firm founded in 1888 that operates multiple offices across the United States.

Breach Size: 3,445,537 people

Data Exposed: A significant data breach at Wolf Haldenstein Adler Freeman & Herz LLP, has compromised the personal information of over 3.4 million individuals. Hackers gained access to sensitive data, including Social Security numbers, medical records, and more. The firm has not explicitly stated whether the exposed data belonged to clients, employees, or other individuals who had their information stored on its servers.

Hacking & Phishing News
Bait and Switch

A bait and switch hijacks a legitimate paid advertising platform to trick users into interacting with malicious content. Attackers purchase ad space that appears to be from a trusted source, displaying what looks like an authentic ad. However, when a user clicks on the ad, they are redirected to a harmful website. This fraudulent site may automatically download malware onto the user's system, compromising sensitive data, or it may prompt the user to enter personal information. Because the ad initially appears trustworthy, victims are more likely to engage with it, making bait and switch a highly effective cyberattack method.

Browser Locker

A browser locker is designed to trap users within their web browser by displaying an intrusive, full-screen popup that is difficult — or seemingly impossible — to close. Cybercriminals deploy this method by either directing users to a malicious website or injecting legitimate websites. Once triggered, the browser locker mimics a security alert, often posing as an urgent antivirus warning. It may claim that the user's device is infected with malware and instruct them to call a fake tech support number or follow a deceptive link for assistance. In reality, there is no virus. Rather, the attacker aims to pressure the victim into paying for unnecessary or fraudulent services to remove the nonexistent threat.

GET PROTECTED

As data breaches continue to make headlines, it’s clear that protecting your personal information is more crucial than ever. While simple steps like being cautious about sharing sensitive information, regularly reviewing your accounts, and avoiding public Wi-Fi networks (unless using a VPN) can help protect your identity, it’s not always enough. IDSeal’s identity theft and device protection services offer a more comprehensive solution, providing a first line of defense in protecting your personal information and real-time alerts to keep you informed of potential threats as soon as they happen. By following us on social media, you’ll stay updated on the latest cyberthreats and learn how to keep your data safe with the help of our identity theft protection plans.

Start protecting your identity today! Signing up is quick & easy

Remember, 1-in-4 Americans are the victim of identity theft. It's not a matter

of if you'll become a victim, it's when...

Get Protected