Image
March 25, 2025

Major Data Breaches & Hacking News in March 2025


Major Data Breaches & Hacking News in March 2025
March 25, 2025
Imagine waking up to find your personal information — your Social Security number, financial records, or sensitive medical data — exposed to cybercriminals. This is a harsh reality for thousands of individuals affected by recent data breaches. From global financial institutions to trusted health care providers, no industry is safe from cyberthreats. Hackers are evolving, and their latest targets include Zack Investments, Finastra, DISA Global Solutions, Orange Group, St. Clair Orthopaedics and Sports Medicine, and Central Texas Pediatric Orthopedics. Here are more details on these data breaches and how you can protect yourself before it’s too late.

Icon
Zacks Investment Research

Organization Description: Zacks Investment Research is an investment research firm focusing on stock research, analysis, and recommendations.

Breach Size: 12 million people

Data Exposed: Zacks Investments allegedly suffered a data breach dating back to summer 2024 and impacting 12 million user accounts. A bad actor gained access to Zacks’ active directory and stole data — which was leaked on a hacker forum in January — including names, usernames, email addresses, phone numbers, and physical addresses. If verified, this would be the third major breach at Zacks in the past four years.


Icon
Finastra 

Organization Description: Finastra is a London-based company that provides financial technology services to more than 8,100 financial institutions worldwide.

Breach Size: 400 gigabytes of data

Data Exposed: A hacker has claimed stealing 400 gigabytes of data from Finastra’s systems. The attackers reportedly gained access to Finastra’s file transfer system, compromising both personal and financial information. Though details of the exposed data are still unclear, Finastra has confirmed that some victims had financial information stolen.


Icon
DISA Global Solutions

Description: DISA Global Solutions is a major third-party provider of employee screening services.

Breach Size: Over 3.3 million people

Data Exposed: A data breach in early 2024 exposed the sensitive personal information of individuals whose current or former employers used DISA’s screening services, with victims only recently being informed a year later! The information leaked includes names, Social Security numbers, driver’s license details, financial account data, and other government-issued ID numbers. The DISA data breach is the latest in a number of cyberattacks targeting employment services companies.


Icon
Orange Group

Organization Description: Orange Group is a leading French telecommunications operator and digital service provider.

Breach Size: 380,000 records

Data Exposed: A threat actor, known as "Rey" from the HellCat ransomware group, claimed to have accessed Orange's systems for over a month, exfiltrating data over a three-hour period without detection. The compromised information, primarily from Orange's Romanian branch, includes 380,000 unique email addresses, source code, invoices, contracts, and both customer and employee data.


Icon
St. Clair Orthopaedics and Sports Medicine

Organization Description: St. Clair Orthopaedics and Sports Medicine is a medical practice in Michigan that specializes in musculoskeletal care, rehabilitation, and sports medicine.

Breach Size: 340,000 people

Data Exposed: A data breach exposed sensitive patient information, including contact details, medical records, and Social Security numbers after a bad actor gained unauthorized access to St. Clair’s network


Icon
Central Texas Pediatric Orthopedics

Organization Description: Central Texas Pediatric Orthopedics specializes in providing pediatric orthopedic care.

Breach Size: 90,000 people

Data Exposed: The Qilin group carried out an attack that exposed the sensitive personal and health information of 90,000 people, including names, government-issued IDs, dates of birth, as well as medical and health insurance details.


Hacking & Phishing News
Distributed Denial of Service (DDoS)

A Distributed Denial of Service (DDoS) attack is a cyberattack that aims to overwhelm a system, network, or website with excessive traffic or resource requests, making it unavailable to legitimate users. Attackers use this method to disrupt business operations, cause financial losses, or create security vulnerabilities. A common example is a flood attack, where a hacker sends an overwhelming number of connection requests to a website, causing it to crash or slow down significantly. For instance, an online retailer might experience a DoS attack during a big sale event, preventing customers from accessing the website and making purchases. These attacks can be highly damaging, leading to lost revenue, reputational harm, and even long-term security vulnerabilities if not properly mitigated.

Social Engineering

Social engineering is a manipulation technique that cybercriminals use to trick individuals into revealing sensitive information such as passwords, financial details, or personal data. Instead of hacking systems directly, attackers exploit human psychology by posing as trustworthy sources. A common example is phishing, where scammers send emails that appear to be from legitimate companies, urging recipients to click on malicious links or provide login credentials. For instance, an employee might receive an email pretending to be from their IT department, requesting their password to "fix a security issue." If they comply, the attacker gains access to the company's network.

GET PROTECTED

These recent data breaches are a powerful reminder that cybercriminals are continually finding new ways to steal personal and financial information. No matter the industry, no one is completely safe — but you can take steps to protect yourself. Having strong passwords, enabling multi-factor authentication, and staying alert to phishing scams are essential, but when data is stolen, the real challenge begins. That’s where IDSeal’s identity theft protection plans help. IDSeal helps reduce the frustration and confusion of identity theft by monitoring your personal information, alerting you to any malicious activity, and providing 24/7 Identity Theft Recovery Support — so you’re not left handling it alone.

Follow us on social media to get real-time updates on the latest data breaches and cybersecurity threats. Don’t wait until you’re a victim — take control of your identity today!

Start protecting your identity today! Signing up is quick & easy

Remember, 1-in-4 Americans are the victim of identity theft. It's not a matter

of if you'll become a victim, it's when...

Get Protected