Data Breaches in 2025: A Year That Exposed the Real State of Cybersecurity

2025 delivered a sobering wake-up call!

Over the past year, it became evident that cyberattacks impacted organisations across industries. More urgent than the sheer volume of data breaches were common issues such as weak passwords, outdated systems, poor monitoring, and reliance on third-party vendors.

In this blog, we explore some of the significant data breaches of 2025, the lessons learnt, and subsequent measures taken to restore trust and strengthen security.

Significant Cyberattacks and Data Breaches in 2025

1. The 16 Billion Credential Mega Leak [i]

In January 2025, cybersecurity researchers uncovered one of the most significant data breaches.

  • Around 16 billion login details from multiple online databases were exposed.
  • The compromised data included usernames and passwords associated with some of the biggest platforms, including Facebook, Instagram, Gmail, and Apple.
  • The data was also exposed to the public, unsecured and openly accessible, until proper restrictions were put in place.

Lessons learned

This incident brought to light a well-known and common issue, i.e., the reuse of passwords. When the same login credentials are used across different services or tools, even the safest platforms are unable to protect accounts.

How was the risk addressed?

Organisations reacted quickly and developed password reset strategies. They encouraged users to set up multi-factor authentication sooner, implemented passkeys (passwordless login), and started monitoring for compromised credentials.

2. Kido International Cyberattack [ii]

A ransomware attack on Kido International School in September 2025 resulted in sensitive data being accessed without authorisation, affecting 8,000 children and employees.

  • Photos, dates of birth, home addresses, and contact information were stolen.
  • Some children’s profiles were even posted on a dark web site.
  • Some news reports said the ransomware group Radiant was likely behind the attack, having previously targeted schools and healthcare services.

Lessons learned

This attack showed how crucial strong security is, especially when handling sensitive data. Weak access controls and human mistakes made it easier for attackers to get in. This event drew attention to the need for quick response plans, employee training, application monitoring, and clear communication with authorities and affected families.

How was the risk addressed?

Kido International notified the families of the breach. They also called in cybersecurity experts for help and reported the breach to the UK’s ICO (Information Commissioner’s Office). The NCSC (National Cyber Security Centre) shared guidance, highlighting security weaknesses across the sector. Experts said that when children’s data is involved, the risks to their safety and privacy can be severe and long-lasting.

3. Yale New Haven Health System Data Breach [iii]

This was one of the major data breaches of 2025, affecting more than 5.5 million individuals at Yale New Haven Health System.

  • The breach was first noticed after unusual activity on March 8.
  • After closer examination, it was confirmed that hackers had copied personal information from the server.
  • The compromised data included people’s email addresses, full names, dates of birth, addresses, phone numbers, and social security numbers, all of which could be used to link to their health records.

Lessons learned

This incident served as a strong reminder that cybersecurity requires constant attention. Regularly monitoring systems, protecting sensitive data through encryption, limiting access to only those who actually need it, and helping staff recognise early warning signs – all play a crucial role in preventing breaches and reducing their impact.

How was the risk addressed?

They took immediate action and sought help from cybersecurity and law enforcement professionals to assess the extent of the data breach. They were able to prevent further damage by identifying the source of the problem and controlling subsequent access. They conducted an in-depth investigation of all computer systems involved in the breach and implemented new security measures to better safeguard patient information and protect against future breaches.

4. Allianz Life Insurance Third-Party Breach [iv]

About 1.4 million clients of Allianz Life Insurance Company of North America were affected in one of the major data breaches of 2025.

  • A third-party cloud-based CRM (customer relationship management) system was the source of the breach.
  • In this social engineering attack, hackers gained administrative access and used it to reach sensitive customer information, including names, email addresses, phone numbers, records, and communications between the customer and Allianz Life Insurance Company.

Lessons learned

It is important to monitor third-party vendor security, implement multi-factor authentication, limit access to sensitive information, and train employees to identify social engineering threats. Zero trust (continuously validating access even from trusted vendors) is critical to protecting sensitive data within complex digital ecosystems.

How was the risk addressed?

The organisation acted quickly to deal with the breach. They cut off access to the affected CRM system and informed U.S. regulators about what had happened. The FBI and Allianz Life both carried out investigations, and all customers affected were offered services like fraud alerts and identity theft protection. After reviewing and inspecting its third-party applications and systems, Allianz Life implemented additional security measures to prevent future breaches.

5. Oracle Cloud Supply Chain Attack 2025 [v]

Cybersecurity company CloudSEK identified a breach on March 21, 2025.

  • Cybercriminal “rose87168” had been selling around 6 million records stolen from Oracle Cloud’s single sign-on and LDAP systems.
  • The data in question consisted of JKS files, encrypted single sign-on passwords, key files, and Enterprise Manager JPS keys.
  • The actor was active in January 2025, and threatened companies affected by this incident, demanding money to remove their information and assist with its decryption.
  • The investigation into this incident suggests that the attacker exploited a previously undisclosed vulnerability in the Oracle Cloud login subdomain to gain unauthorised access.

Lessons learned

We should all continue to monitor access to cloud systems and third-party tools through multi-factor authentication and limited permissions. Additionally, employees must be aware of social engineering techniques and be able to identify them. Lastly, by regularly monitoring threats, we can detect issues and have time to address them before they escalate.

How was the risk addressed?

The organisations whose data was compromised acted quickly to contain the breach. This included advising those affected to reset all compromised LDAP and SSO passwords immediately, and to reset privileged accounts and their associated tenant IDs in conjunction with Oracle Support. They regenerated any certificates and secrets that may have been exposed and reviewed logs for evidence of necessity. Continuous monitoring to detect anomalies and constant communication with Oracle’s security team allowed potential vulnerabilities to be evaluated, mitigated, and prevented from causing subsequent breaches.

6. Coupang API Data Exposure [vi]

In November 2025, Coupang Inc. revealed that the data of 33.7 million users was compromised, as opposed to the initial estimate of 4,500 accounts.

  • The information accessed included names, phone numbers, email addresses, and delivery addresses.
  • The breach had been under way since June 24, was linked to “offshore” servers, and may have affected nearly all of the company’s active local customers.
  • Coupang engaged cybersecurity experts, law enforcement, and regulators to investigate the incident.

Lessons learned

This event highlighted the importance of policies. For organisations that collect customers’ personal information, policies help secure customer data, including financial and login credentials. In addition, organisations must maintain robust access controls, monitor their data, and develop quick communication plans to protect users and limit their reputational exposure.

How was the risk addressed?

The company quickly cut off unauthorised entry and assured customers that they had improved internal monitoring. They also hired security experts and worked with law enforcement to carefully investigate the incident. To follow up, logins were made more secure, system activity was monitored closely, and access was limited.

Common Patterns of Data Breaches in 2025

  • The most common pattern was human error. Approximately 60% of breaches in 2025 involved a human element, according to Verizon. Attackers often got in through phishing emails or by exploiting minor and everyday errors made by users already trusted within the system.
  • In some situations, people used the same password across tools, ignored extra login checks such as 2FA, or were given access they did not need to do their job.
  • Cloud services and third-party systems were frequently the way in, underscoring the risks of relying on connected platforms when security is not entirely under an organisation’s control.
  • In several cases, breaches went unnoticed for long periods, exposing large amounts of data before any action was taken.
  • A lack of continuous monitoring and early threat detection made it harder to identify and stop attacks in their early stages.

What’s Next?

Security is not something you fix once and forget later.

Prompt action can greatly limit the extent of damage. The 2025 experience should make security a priority for organisations before the next breach, not after it.

Proactive measures include:

  • Regular security audits and penetration testing to identify vulnerabilities.
  • Employee training to prevent human errors, such as falling for phishing or weak password habits.
  • Strong access controls, encryption, and monitoring to detect unusual activity early.
  • Developing a response plan so teams know precisely what to do if a breach occurs.

Don’t wait for the crisis. Treat cybersecurity as a continuous and essential part of operations.