March 2025 saw yet another wave of significant cyber incidents affecting organizations across industries, with over 5 million individuals impacted and damages exceeding $39.9 million from just three settlements alone. These breaches reinforce a crucial reality: successful attacks rarely require sophisticated tactics, but instead exploit widespread gaps in basic security measures.
As you review these cases, note the recurring patterns of insufficient access controls, third-party vulnerabilities, and delayed breach detection—fundamental weaknesses that proper zero-trust security measures could have prevented.
Compiled on April 1, the following list of data breach headlines published during the month of February contains details behind the cause of the breach (if available). Source articles have been organized by industry (education, finance, healthcare, infrastructure, tech, and miscellaneous) in reverse chronological order.
3/20/2025
Data breach at Pennsylvania education union potentially exposes 500,000 victims | TechRadar
A data breach at the Pennsylvania State Education Association (PSEA) has potentially exposed more than half a million people to identity theft, phishing, or wire fraud. The Pennsylvania public sector union has sent a data breach notification letter to 517,487 individuals, to warn them about a cybersecurity incident that happened in July 2024. While the organization did not discuss the threat actors, BleepingComputer found that the ransomware group called Rhysida claimed responsibility for the attack in early September 2024.
3/10/2025
Hacker accessed PowerSchool's network months before massive December breach | TechCrunch
A hacker compromised the U.S. edtech giant PowerSchool months before its “massive” data breach in December, according to a now-published forensic report into the incident conducted by U.S. cybersecurity firm CrowdStrike. In a letter sent to affected customers last week, seen by TechCrunch, PowerSchool confirmed that an investigation into the incident has revealed that its network “experienced unauthorized activity prior to December,” which CrowdStrike dated back to at least August 2024.
3/7/2025
Many Schools Report Data Breach After Retirement Services Firm Hit by Ransomware | Security Week
Dozens of school districts and thousands of individuals in the United States are impacted by a data breach resulting from a ransomware attack aimed at retirement services provider Carruth Compliance Consulting. In a notification posted on its website on January 13, 2025, Carruth revealed that it had detected suspicious activity on its computer systems on December 21, 2024. An investigation determined that hackers had access to its systems between December 19 and December 26, and that they stole some files.
3/21/2025
Western Alliance breach exposes 22K customers' data | Banking Dive
Information on roughly 22,000 Western Alliance customers was accessed through a vulnerability in a third-party vendor’s file transfer software, the Phoenix, Arizona-based bank disclosed last week. The breach went undetected for more than three months, according to the timeline the bank provided in the letter. Western Alliance, for its part, said it is investigating the nature and extent of the breach and has begun to inform affected customers.
3/18/2025
Western Alliance Bank Discloses Data Breach Linked to Cleo Hack | SecurityWeek
Western Alliance Bank is notifying roughly 22,000 individuals that their personal information was stolen from a third-party secure file transfer software. The incident, the bank says, occurred in October 2024, when a threat actor started exploiting an unknown vulnerability in the file transfer tool, gaining access to “a limited portion of Western Alliance’s systems” and stealing files from them.
3/11/2025
The Bank of America has alerted a small group of its customers about a data breach that may have exposed confidential information. The breach, which took place on December 30, was a result of improper handling of confidential documents by a third-party document destruction service provider. While the exact number of affected accounts has not been disclosed, the bank confirmed that at least two customers in Massachusetts have been impacted.
3/10/2025
New York is seeking penalties for the company's failure to institute data security safeguards and notify consumers, and an injunction to stop any continued violations. "While the specific source of the breaches was National General's design and release of several insecure websites, the broader cause of the incidents was National General's prioritization of profit over the implementation of reasonable data security safeguards," the lawsuit states.
3/7/2025
US seizes $23 million in crypto stolen via password manager breach | Bleeping Computer
U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack. Despite the threat actors' efforts, law enforcement agents traced $23,604,815.09 of the stolen digital assets between June 2024 and February 2025 to cryptocurrency exchanges.
3/3/2025
Indian Stock Broker Angel One Discloses Data Breach | SecurityWeek
The incident, the company said, was discovered after it received an email alert from a ‘dark web monitoring partner’ on February 27, regarding a ‘data leakage post’. “We have verified that this breach does not have any impact on clients’ securities, funds and credentials; and all our client accounts remain secure,” the company said. Following the data breach announcement, Angel One’s shares dropped over 11% in two days, hitting a 52-week low on Monday, March 3.
3/31/2025
170,000 Impacted by Data Breach at Chord Specialty Dental Partners | SecurityWeek
Chord Specialty Dental Partners revealed in a data security incident notification that it had discovered suspicious activity on an employee’s email account in September 2024. An investigation revealed that someone had gained unauthorized access to several email accounts between August 18 and September 25, 2024. The dental organization told the Department of Health and Human Services (HHS) that the incident impacted more than 173,000 people.
3/28/2025
Oracle Health breach compromises patient data at US hospitals | BleepingComputer
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, BleepingComputer confirmed that patient data was stolen in the attack. Oracle Health is also telling hospitals that they will not notify patients directly and that it is their responsibility to determine if the stolen data violates HIPAA laws and whether they are required to send notifications.
3/26/2025
Sunflower Medical Group Sued Over 221,000-Record Data Breach | The HIPAA Journal
Sunflower Medical Group is facing a class action lawsuit over its recently disclosed data breach involving the protected health information of almost 221,000 current and former patients. The Sunflower Medical Group data breach occurred on December 15, 2024, but was not discovered for more than three weeks. According to Sunflower Medical Group, the unauthorized access was identified and blocked on January 7, 2025. The lawsuit alleges the defendant failed in its duties to protect sensitive data from unauthorized access due to inadequate security practices.
3/17/2025
Florida Hospital Data Breach Impacts Over 120000 Patients | Daily Security Review
A Florida hospital, CDH, suffered a data breach impacting over 120,000 patients. Sensitive data, including Social Security numbers and health information, was compromised in April 2024. The BianLian ransomware group claimed responsibility. New Era Life Insurance Companies, which is based in Texas but also has operations in the Midwest and Pennsylvania, identified itself as a health plan in its HIPAA breach report filed with federal regulators on Feb. 11. The hack affects many, but not all, of the company's policyholders, agents and insurance carrier partners in multiple states.
3/10/2025
560,000 People Impacted Across Four Healthcare Data Breaches | SecurityWeek
More than 560,000 people were impacted across four data breaches disclosed last week to authorities by the healthcare organizations Hillcrest Convalescent Center, Gastroenterology Associates of Central Florida, Community Care Alliance, and Sunflower Medical Group. The data was apparently taken by the BianLian ransomware group, which took credit for the attack on Center for Digestive Health in mid-May 2024.
3/7/2025
Apria Healthcare Agrees to $6.4M Data Breach Settlement | The HIPAA Journal
Apria Healthcare, an Indianapolis-based provider of home healthcare equipment and related services, has agreed to pay $6,400,000 to resolve all claims related to data breaches in 2019 and 2021 that affected 1,869,598 individuals. Several lawsuits were filed in the Southern District of Indiana in response to the data breach, and in October 2023, the lawsuits were consolidated into a single action in the U.S. District Court for the Southern District of Indiana. Apria Healthcare is also being sued by the Indiana Attorney General over these two hacking incidents, with the litigation yet to be resolved.
3/3/2025
Community Health Center Inc. faces lawsuits over data breach | Hartford Business Journal
Middletown-based Community Health Center Inc. (CHC) is the target of more than a half dozen separate federal lawsuits following a data breach that affected the personal information of a total of 1,060,936 individuals. The individual lawsuits were filed in the U.S. District Court for the District of Connecticut between Feb. 5 and 13, and each seeks class action status.
3/3/2025
Harvard Pilgrim Health Care to Pay $16 Million to Settle Data Breach Litigation | The HIPAA Journal
Harvard Pilgrim Health Care and its parent company Point32Health have agreed to a $16 million settlement to resolve claims related to a 2023 ransomware attack that affected approximately 3 million patients. The settlement class consists of 2,967,396 individuals, all of whom are entitled to benefits.
3/12/2025
CISA: Medusa ransomware hit over 300 critical infrastructure orgs | BleepingComputer
CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. "As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing," CISA, the FBI, and MS-ISAC warned on Wednesday.
3/7/2025
Data breach at Japanese telecom giant NTT hits 18,000 companies | Bleeping Computer
Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. The data breach was discovered in early February 2025, but the exact date when the hackers gained initial access to NTT's systems hasn't been determined.
3/27/2025
An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. As documented by the website security company last month, the campaign involves infecting websites with malicious JavaScript that's designed to hijack the user's browser window to redirect site visitors to pages promoting gambling platforms.
3/21/2025
Ransomware Group Claims Attacks on Ascom, Jaguar Land Rover | SecurityWeek
The Hellcat ransomware group this week claimed responsibility for cyberattacks on Swiss telecommunications provider Ascom and British multinational car manufacturer Jaguar Land Rover (JLR). The attack on Ascom occurred on March 16, and the group added the company to its Tor-based leak site on the same day. The telecoms company confirmed the next day that the attack targeted its technical ticketing system. Hellcat claimed to have stolen 44 gigabytes of sensitive data from the company, including contracts, documents, development tools, and source code. At the same time, Hellcat claimed the theft of hundreds of gigabytes of data from JLR, a subsidiary of Indian multinational corporation Tata Motors.
3/20/2025
China's Baidu denies data breach after executive's daughter leaks personal info | Reuters
The company was thrust into the spotlight last week after online users accused the teenage daughter of Baidu vice president Xie Guangjun of posting personal information of other users such as their phone numbers after getting into an online argument. Baidu also said it had filed a police report regarding false information circulating online, including claims the teenager had admitted her father had provided her with database access, as the controversy over the incident continued to swell.
3/20/2025
A widely-used consumer-grade stalkerware operation was hit by a data breach in 2024, with millions of customers potentially affected. A TechCrunch report claims the breach affected SpyX and two related mobile apps, impacting the information of almost 2 million people, including 17,000 Apple iCloud credentials. Seemingly, neither the targets of the spyware, nor the customers of the software were ever notified of the breach, which reportedly occurred in June 2024.
3/18/2025
$17.5 Million Settlement Resolves Infosys McCamish Systems Data Breach Lawsuit | The HIPAA Journal
A settlement has been agreed to resolve multiple Infosys McCamish Systems class action lawsuits that were filed in response to a 2023 ransomware attack and data breach that involved unauthorized access to the personal data of more than 6 million individuals. In November 2023, Infosys McCamish Systems discovered its systems had been breached in a ransomware attack. The forensic investigation confirmed that an unauthorized cyber actor had access to its systems between October 29 and November 2, 2023, exfiltrated sensitive data, and used ransomware to encrypt files.
3/4/2025
Hunters International ransomware claims attack on Tata Technologies | Bleeping Computer
The Hunters International ransomware gang has claimed responsibility for a January cyberattack on Tata Technologies, stating they stole 1.4TB of data from the company. The Indian tech giant reported in January 2025 that it had suffered a security breach by ransomware actors, which disrupted parts of its IT systems. The company noted that the incident's impact on its operations was minimal, while client delivery services were not affected at all.
3/4/2025
Rubrik discloses server breach, compromise of 'access information' | Cybersecurity Dive
In a blog post on Feb. 22, Rubrik said its security team recently discovered “anomalous activity” on a server containing log files. A forensic investigation by a third-party partner revealed the server had been compromised by an unauthorized actor. Rubrik co-founder & CTO Arvind Nithrakashyap and CISO Michael Mestrovich said in the post that the intrusion was limited to the single server and there was no evidence that the threat actor had accessed customer data or Rubrik’s internal code.
3/3/2025
Zapier tells customers their data may have been accessed | TechRadar
According to the letter sent to affected customers by the company’s Head of Security, Zeeshan Khadim, an unnamed threat actor abused a “two-factor authentication (2FA) misconfiguration” on an employee’s account to gain unauthorized access to certain Zapier code repositories. Once Zapier was aware of the incident, it secured access to the repositories and invalidated the compromised account. The company also generated a secure link on which affected customers can see a copy of their impacted data. The company is now running a thorough audit and internal process remediation to prevent similar incidents from happening in the future, as well.
March’s data breach compilation reinforces an ongoing reality: most breaches don’t happen because attackers are too advanced—they happen because defenses are too weak. The same patterns persist: stolen credentials, misconfigurations, and insufficient access controls continue to be the root causes of major security incidents. As threat actors leverage automation and AI to scale their attacks, organizations relying on static, reactive security measures will continue to fall behind.
The solution remains the same: adopt proactive security measures that limit the blast radius of potential breaches. Implementing strict access controls, least-privilege policies, and zero-trust principles ensures that even if attackers gain a foothold, they can’t move freely within a system. In today’s threat landscape, security must be continuous, contextual, and adaptive—not an afterthought once a breach has already occurred.
Built on the principle of continuous verification, Pomerium is a zero-trust reverse proxy that helps organizations secure access dynamically and contextually—without relying on a VPN. By authenticating, authorizing, monitoring, and securing every access request in real time, Pomerium enables companies to stay ahead of evolving threats and prevent breaches before they happen.