Data Breach Report: March 2025 Edition


March 2025 has proven to be a stark reminder of the escalating cyber threats facing organizations across diverse sectors, from education and finance to healthcare and technology. This month’s data breach report reveals a series of alarming incidents, each highlighting the vulnerabilities inherent in our increasingly interconnected digital landscape. From the massive exposure of applicant data at New York University to the alleged compromise of Oracle Cloud’s legacy systems, and the ransomware attacks targeting Jaguar Land Rover and the Pennsylvania State Education Association, the sheer scale and sensitivity of the data compromised underscore the urgent need for enhanced cybersecurity measures.
New York University
On March 22, 2025, New York University (NYU) experienced a significant data breach where a hacker redirected the university’s website and exposed the personal information of over 3 million applicants dating back to 1989.
Scale of the Breach: The breach exposed the personal information of over 3 million applicants to NYU. This includes both accepted and rejected students.
Type of Data Exposed: A wide range of sensitive personal details was compromised, including names, test scores (SAT/ACT), GPAs, intended majors, demographic information, family backgrounds, and financial aid details.
Cause of the Breach: The breach occurred due to unauthorized access to NYU’s IT systems, allowing a hacker to redirect web traffic and access underlying databases containing applicant information.
Oracle Cloud
The alleged Oracle Cloud data breach in March 2025 involved a significant cybersecurity incident in which a threat actor claimed to have compromised approximately 6 million records from Oracle Cloud’s systems.
Oracle initially denied any compromise of its core Oracle Cloud infrastructure, but later reports indicate that Oracle has privately acknowledged to certain customers that a breach did occur, albeit affecting older “legacy environments.”
Scale of the Breach: The threat actor claims to have compromised approximately 6 million records, potentially affecting over 140,000 Oracle Cloud tenants, indicating a very broad impact.
Type of Data Exposed: Highly sensitive credentials were reportedly exposed, including Java KeyStore (JKS) files, encrypted passwords and password hashes, key files, and Java Process Status (JPS) keys, all of which could allow for significant unauthorized access.
Cause of the Breach: There are conflicting reports, but evidence points to the exploitation of vulnerabilities within Oracle’s systems, possibly related to older “legacy environments” of Oracle Cloud, and potentially related to vulnerabilities within Oracle Fusion Middleware instances that could allow unauthorized access via Oracle Access Manager.
Jaguar Land Rover (JLR)
Jaguar Land Rover (JLR) experienced a significant data breach in March 2025, attributed to the HELLCAT ransomware group, which resulted in the exposure of internal documents, source code, tracking data, and employee credentials. The breach was facilitated by compromised login information, including credentials from an LG Electronics employee, highlighting the interconnectedness of supply chain vulnerabilities.
Scale of the Breach: The breach involved the exfiltration of 700 documents in the first wave and 350 gigabytes of data in the second wave, impacting internal operations and potentially compromising sensitive information.
Type of Data Exposed: Compromised data included internal documents, source code, tracking data, and employee credentials, posing risks to intellectual property and employee privacy.
Cause of the Breach: The breach was caused by the exploitation of compromised credentials, including those obtained through infostealer malware, and the subsequent use of those credentials by the HELLCAT ransomware group to gain access to JLR’s systems.
SpyX Stalkerware App
The SpyX stalkerware app data breach in March 2025 exposed highly sensitive personal information of nearly 2 million individuals, raising serious privacy and safety concerns.
Scale of the Breach: Nearly 2 million individuals were affected, indicating a massive exposure of personal data from users of the SpyX stalkerware application.
Type of Data Exposed: Highly sensitive data including iCloud usernames and passwords (in plaintext), email addresses, IP addresses, device information, and potentially messages and photos were exposed, posing a significant risk to user privacy and security.
Cause of the Breach: The breach resulted from a severe security lapse, specifically the lack of proper authentication and protection for the app’s user database, making it easily accessible to unauthorized individuals.
Have I Been Pwned: https://haveibeenpwned.com/PwnedWebsites#SpyX
Angel One
Angel One, a major Indian stock brokerage firm, disclosed a data breach in March 2025, revealing unauthorized access to client information stored in its Amazon Web Services (AWS) account. While Angel One assured clients that their funds and securities remained secure, the incident raised concerns about cybersecurity practices within the financial sector and impacted the company’s stock value.
Scale of the Breach: The scale of the breach involved the compromise of client information stored within Angel One’s AWS environment, though the precise number of affected clients has not been publicly released.
Type of Data Exposed: The exposed data consisted of client information held within the company’s AWS account. Angel One has not released the type of data, but it is assumed to be contact information and potentially financial information.
Cause of the Breach: The breach resulted from unauthorized access to Angel One’s AWS account, with the specific vulnerability exploited still under investigation, but it shows a weakness within the security of their cloud storage.
Western Alliance Bank
Western Alliance Bank experienced a data breach in March 2025, stemming from the exploitation of a zero-day vulnerability in a third-party secure file transfer tool provided by Cleo. The Clop ransomware group gained unauthorized access, compromising the sensitive personal information of approximately 22,000 customers. The breach occurred in October 2024 but was disclosed in March 2025.
Scale of the Breach: Approximately 22,000 customers’ personal information was compromised, indicating a significant exposure of sensitive financial and personal data.
Type of Data Exposed: The exposed data included highly sensitive information such as names, Social Security numbers, dates of birth, financial account numbers, driver’s license numbers, tax identification numbers, and passport information, creating a substantial risk of identity theft.
Cause of the Breach: The breach was caused by the exploitation of a zero-day vulnerability in a third-party secure file transfer tool provided by Cleo, allowing the Clop ransomware group to gain unauthorized access to Western Alliance Bank’s systems.
Pennsylvania State Education Association
The Pennsylvania State Education Association (PSEA), a labor union representing public school employees, experienced a significant data breach in March 2025, impacting over 500,000 individuals. The Rhysida ransomware group claimed responsibility for the attack, which resulted in the exposure of highly sensitive personal information.
Scale of the Breach: Over 500,000 individuals were affected, including current and former members and their dependents, making it a very large-scale data breach.
Type of Data Exposed: The compromised data included highly sensitive information such as Social Security numbers, driver’s license and state ID numbers, financial account information, payment card details, passport numbers, medical information, and taxpayer ID numbers, significantly increasing the risk of identity theft.
Cause of the Breach: The breach was caused by a ransomware attack carried out by the Rhysida ransomware group, which gained unauthorized access to PSEA’s systems and exfiltrated sensitive data.
Official Notification: https://www.psea.org/pages-without-a-home/notice-of-data-security-incident/
California Cryobank
California Cryobank (CCB), a company specializing in sperm and egg donation services, experienced a data breach in March 2025, revealing unauthorized access to customer data from April 2024. The breach was discovered in October 2024, and CCB began sending out data breach notification letters to affected individuals in March 2025.
Scale of the Breach: The scale of the breach involved the potential compromise of customer data stored within CCB’s IT environment, affecting individuals who have utilized their services.
Type of Data Exposed: The exposed data included sensitive personal information such as names, driver’s license numbers, bank account and routing numbers, Social Security numbers (SSN), and health insurance information, which poses a significant risk of identity theft and privacy violations.
Cause of the Breach: The breach was caused by unauthorized access to CCB’s IT environment, with the specific vulnerability exploited still under investigation, but it resulted in the potential access and/or acquisition of files containing customer data.
Data Breach Notification: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/6b6aacae-67b7-414e-be1a-ea17b44a7f12.html
Numotion
Numotion, a provider of complex rehabilitation technology, experienced a significant data breach in March 2025, stemming from unauthorized access to employee email accounts between September and November 2024.
Scale of the Breach: Nearly half a million individuals were affected, demonstrating a large-scale exposure of sensitive data.
Type of Data Exposed: The compromised data included full names, dates of birth, payment information, financial account information, product information, health insurance details, medical information, driver’s license numbers, and Social Security numbers, encompassing a wide range of highly sensitive personal and medical data.
Cause of the Breach: The breach resulted from unauthorized access to employee email accounts, likely due to phishing attacks, which allowed attackers to access and exfiltrate sensitive customer information.
Data Breach Notification: https://www.numotion.com/data-security-incident