We're back with exciting new updates!
Lessons from the CyberArk Employee Risk Survey
Product Deep Dives: Testing Pomerium UDP Tunnels with Factorio
Why AI Companies Are Different
New at Pomerium: Newsletters & Social Media
January 2025 Security Breaches
Lessons from the CyberArk Employee Risk Survey
“Only amateurs attack machines; professionals target people.”
- Bruce Schneier, public-interest technologist
The CyberArk 2024 Employee Risk Survey revealed that employees remain a prime target for attackers. This aligns with the longstanding consensus in security research that the “weakest link” isn’t the technology—it’s the people using it.
The CyberArk survey is a reminder of the urgent need for adaptive, context-aware mechanisms. The goal is to make secure choices feel natural, not burdensome—something for which user experience experts have long advocated.
Stay updated on Pomerium's capabilities!
Pomerium supports tunneling UDP traffic! Follow this step-by-step guide on how to test Pomerium UDP Tunnels using Factorio.
AI Companies Require New Approaches to Security
AI companies may share some commonalities with other tech-forward organizations, but they are fundamentally different. The industry is unlike anything we’ve seen before, and AI companies face evolving and unprecedented challenges and dynamics that set their security and operational needs apart from those of other industries.
Pomerium has partnered with some of the most forward-thinking, foundational leaders in the AI space. Their challenges are unique, and recognizing that difference is the first step toward building security solutions that work for them, not against them.
If you're reading this, congratulations! You're already subscribed to our monthly newsletter, and you're the first to be notified of Pomerium news and updates!
You can now find all of our past newsletters in one place.
We're officially active on SEVEN platforms, and we're now hosting casual work sessions and formal interview livestreams regularly. Don’t miss a beat!
YouTube: https://www.youtube.com/@pomerium_io
Twitter: https://x.com/pomerium_io
Bluesky: https://bsky.app/profile/pomerium.io
Daily.dev: https://dly.to/yXvLSOMZRep
Dev.to: https://dev.to/pomerium
Here's a preview of our most recent YouTube Shorts on Zero Trust! :)
According to the 2024 Annual Data Breach Report by the Identity Theft Resource Center, there were more than 1.7 million victim notices, “a measure of the scale of events and impacts on individuals,” last year, a number that was triple that of 2023. (Read Our Review on ITRC's 2024 Data Breach Report)
With 3,158 total compromises recorded in 2024, it’s no surprise that this past January 2025 was also full of data breaches.
Here are some of the biggest breach headlines from January.
The PowerSchool Student Information System (SIS), student information software used by over 16,000 K-12 schools, recently disclosed a major cybersecurity incident that compromised vast amounts of personal data belonging to millions of teachers, students, and graduates across the United States and Canada. On December 28, 2024, threat actors exfiltrated personal information from PowerSchool SIS environments using PowerSource, the software's customer support portal. NBC reports that the breach was achieved with a single compromised employee password. Bleeping Computer's coverage of the incident reports that the number of affected students, as claimed by the hacker, is as high as 62 million.
Change Healthcare data breach victim count rises to 190M | TechTarget
The Change Healthcare data breach victim count has risen to 190 million, UnitedHealth Group stated. The updated figure is nearly double the breach tally reported to regulators in July 2024. As previously reported, Change Healthcare suffered a cyberattack in February 2024 that led to widespread disruptions across the U.S. healthcare system. BlackCat/ALPHV ransomware actors claimed responsibility for the cyberattack, in which they reportedly exfiltrated six terabytes of data. UnitedHealth Group later confirmed that it paid a $22 million ransom in an effort to recover system access.
Millions of hotel guest reservations leaked in Otelier data breach | TechRadar
Malicious actors used an infostealer to grab Atlassian login credentials from an Otelier employee. This access was then used to scrape tickets and other data, allowing them to obtain the credentials for S3 buckets, from which the attackers then exfiltrated 7.8TB of data. High-profile hotel chains, including Marriott, Wyndham, and Hilton, have had sensitive customer data exposed. Hundreds of thousands of email addresses were said to have been exposed.
We're hiring, and we're working on our Careers Page!
In the meantime, share your experience with us at jobs@pomerium.com.
Let us know how you’re using Pomerium at media@pomerium.com for free swag! We love hearing about how our users are securing their infrastructure and accelerating their deployments with Pomerium, and we want to share those stories with our community.
Have questions or need assistance?
Feel free to reach out on our Discuss forums!
Want to see what other people are saying about Pomerium?
Check out ExtraHop's review here, or read our Customer Stories!
Stay up to date with Pomerium news and announcements.