The cyber threat landscape is becoming increasingly complex thanks to advancements in technology, but many of our data breaches today can be traced back to a relatively simple cause: compromised credentials.
The latest KELA state of cybercrime report has highlighted this threat, revealing that “3.9 billion credentials shared in the form of credentials lists that appear to be sourced from infostealer logs” have been observed, indicating that credential theft, subsequent exploitation, and massive extortion campaigns can easily follow.
Compiled on March 1, the following list of data breach headlines published during the month of February contains details behind the cause of the breach (if available). Source articles have been organized by industry (finance, government, healthcare, infrastructure, retail, tech, and miscellaneous) in reverse chronological order.
2/26/2025
Cryptocurrency exchange Bybit lost over $1.4 billion worth of liquid-staked Ether in a security breach on February 21, 2025, making it the largest crypto hack in history. According to forensic investigations, the attack was carried out by North Korea’s Lazarus Group, who exploited a vulnerability in SafeWallet’s infrastructure rather than Bybit’s systems. Multiple forensic teams, including cybersecurity firms Sygnia and Verichains, conducted investigations into the hack. Their findings revealed that the credentials of a SafeWallet developer were compromised, giving attackers unauthorized access to SafeWallet’s infrastructure.
2/19/2025
Finastra Notifies Customers of Data Breach | Infosecurity Magazine
British financial technology firm Finastra has notified customers of a data breach that occurred between October 31 and November 8, 2024, in which an unauthorized third party accessed the company’s secure file transfer platform (SFTP), used to share files with customers. Although the breach was detected on November 7, and the company acknowledged it shortly after, Finastra only began reaching out to affected individuals on February 12, 2025. While the exact number of individuals affected remains undisclosed, filings with the Massachusetts Attorney General reveal that at least 65 residents in the state were impacted.
2/19/2025
Accounting Firm Blue & Co. Files Notice of Data Breach with Federal Regulators | JD Supra
On February 7, 2025, Blue & Co., LLC (“Blue”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that information in the company’s possession was subject to unauthorized access, resulting in an unauthorized party being able to access consumers’ sensitive information. According to a source, the Blue & Co. data breach was the result of a “hacking / IT incident” involving a network server. While it’s possible that Blue’s systems were targeted in the attack, it’s also possible that Blue is reporting the breach on behalf of one of its third-party vendors or business partners.
2/19/2025
Cyber Investor Insight Partners Suffers Security Breach | Infosecurity Magazine
New York-based venture capital firm Insight Partners has confirmed it was hit by a cyber-attack in January 2025. In a public statement published on February 18, the investment company said an unauthorized third party accessed some parts of its information systems through a “sophisticated social engineering attack,” and the intrusion was detected on January 16.
2/17/2025
The Pension Specialists Data Breach Affects Over 71k Consumers | JD Supra
On February 14, 2025, The Pension Specialists Ltd. (“TPS”) filed a notice of data breach with the Attorney General of Maine after discovering that certain files on its network were accessed without authorization. An unauthorized party accessed certain files on its network between February 18, 2024 and February 20, 2024. It was later determined that some of these files contained confidential information belonging to certain individuals.
2/14/2025
Zacks Investment hit in data breach | 12 million users potentially at risk | TechRadarPro
Zacks Investment Research, a financial data, stock research, and analysis company based in Chicago, allegedly suffered a cyberattack in which it lost sensitive data on millions of people. A report by BleepingComputer cites a thread posted on an underground hacking forum claiming to have breached Zacks in June 2024, gaining sensitive information on 12 million people, including names, usernames, email addresses, postal addresses, and phone numbers. Zacks is yet to comment on the claims of a data breach.
2/12/2025
Heartland Bank Sends Data Breach Letters Following Recent Email Data Security Incident
On February 7, 2025, Heartland Bank filed a notice of data breach with the Attorney General of Massachusetts after discovering a recent data security incident involving the company’s email system in which an unauthorized party was able to access consumers’ sensitive information.
2/3/2025
Insurance Company Globe Life Notifying 850,000 People of Data Breach | SecurityWeek
The data breach, Globe Life told the Securities and Exchange Commission in October 2024, was discovered after a threat actor attempted to extort the company, demanding a ransom payment in exchange for not publishing stolen information. The compromised data, the company says, belongs to customers and customer leads, and was likely exfiltrated from its subsidiary American Income Life Insurance Company.
2/18/2025
Coast Guard data breach impacts pay of 1,135 service members | Military Times
The Coast Guard Investigative Service and Coast Guard Cyber Command are investigating the circumstances surrounding a technological error that delayed the biweekly pay of 1,135 members. The Coast Guard did not specify when the data breach occurred or what caused it, but said it is working to determine the “source and impact” of the breach.
2/27/2025
Fred Hutchinson Cancer Center and the University of Washington have agreed to pay $11,500,000 to settle a proposed class action data breach lawsuit and have committed to investing $13,500,000 to improve cybersecurity. Hackers breached its network and stole the protected health information of approximately 2.1 million individuals between November 10 and November 25, 2023. When the demanded ransom was not paid, the affected patients were sent individual ransom demands and were told that they needed to pay $50 to have their stolen data deleted, otherwise it would be published online.
2/25/2025
US drug testing firm says data breach impacted 3.3 million people | Bleeping Computer
DISA Global Solutions, a leading US background screening and drug and alcohol testing firm, has suffered a data breach impacting 3.3 million people. In January, the company first disclosed a cybersecurity incident that occurred between February 9, 2024, and April 22, 2024, the day it discovered the breach. While DISA has not shared what type of cyberattack they experienced, a now-deleted notice indicates that they paid a ransom demand to prevent the stolen data from being publicly released.
2/25/2025
VectraRx Mail Pharmacy Services Notifies 109K Individuals About Data Breach
VectraRx Mail Pharmacy Services, a New York-based mail order pharmacy, has suffered a major data breach involving the protected health information of 109,383 individuals. On February 6, 2025, VectraRx disclosed details of the incident, stating that unusual activity was identified in its computer systems on December 13, 2025, and a third-party cybersecurity firm was engaged to investigate the cause of the activity.
2/24/2025
CAMC posts notice of data breach from recent phishing attack | WCHS
Charleston Area Medical Center announced a phishing attack may have leaked access to patients’ personal information. CAMC noted an investigation involving a forensic security provider revealed a single email user’s mailbox was accessed and “no other CAMC systems or data storage were impacted.”
2/24/2025
Three Healthcare Providers Notify Patients About 2024 Data Breaches | The HIPAA Journal
Data breaches have recently been announced by Consultants in Pain Medicine in Texas, Claris Vision Holdings in Massachusetts, and Precision Orthopedics and Sports Medicine in Maryland. Consultants in Pain Medicine, a San Antonio, Texas-based pain management practice, has recently notified the Texas Attorney General about a security incident where protected health information of 2,062 Texans is known to have been compromised due to unauthorized individuals accessing its network between June 26, 2024, and July 7, 2024. Claris Vision Holdings, a Massachusetts-based provider of vision care services, has notified the Attorney General of Massachusetts about a data security incident where hackers had access to its network between July 10, 2024, and August 5, 2024. On February 13, 2025, Precision Orthopedics and Sports Medicine in Maryland notified 1,903 current and former patients about a September security incident where unauthorized activity was identified in its email system and exposed some of their protected health information.
2/19/2025
Australian fertility services giant Genea hit by security breach | Bleeping Computer
Genea, one of Australia's largest fertility services providers, disclosed that unknown attackers breached its network and accessed data stored on compromised systems. While the company has yet to reveal when the breach was detected or whether patients' personal and health information was exposed, Genea's breach confirmation comes five days after a phone outage impacted the group's fertility clinics.
2/17/2025
Innovative Renal Care Sends Data Breach Letters Following Early 2024 Incident | JD Supra
On February 14, 2025, American Renal Management LLC d/b/a Innovative Renal Care (“IRC”) filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized actor accessed and copied information from its computer network. Innovative Renal Care disclosed that the incident resulted in an unauthorized party being able to access consumers’ sensitive information.
2/13/2025
Judge Approves $7 Million Brightline Data Breach Settlement | The HIPAA Journal
A $7 million settlement has been agreed to resolve a lawsuit filed against the virtual mental health provider Brightline over a hacking incident by the Clop threat group in 2023 that resulted in the theft of the protected health information of up to 1 million individuals. Brightline was one of 130 companies to have data stolen by the Clop threat group in January 2023, after the mass exploitation of a critical remote code execution vulnerability in Fortra’s GoAnywhere MFT file transfer solution. The vulnerability was exploited between January 18, 2023, and January 30, 2023.
2/10/2025
Georgia Hospital Alerts 120,000 Individuals of Data Breach | Infosecurity Magazine
Memorial Hospital and Manor has informed approximately 120,000 individuals that their sensitive information was compromised in a ransomware attack that occurred in November 2024. The Embargo ransomware group has claimed responsibility for the cyber-attack, saying that it exfiltrated 1.15 terabytes of data, which has since been reportedly posted on its Tor-based leak platform.
2/8/2025
Huge healthcare data breach exposes over 1 million Americans' sensitive information
Community Health Center, Inc. (CHC), a Connecticut-based federally qualified health center, has disclosed a data breach following a criminal cyberattack on its systems. CHC detected a data breach on Jan. 2 after identifying unusual activity within its computer systems and said that 1,060,936 people were affected by the data breach.
2/7/2025
US health system notifies 882,000 patients of August 2023 breach | Bleeping Computer
Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. The non-profit healthcare system said in data breach notifications sent to those impacted that the incident was discovered on August 27, 2023, after detecting that the attacker had gained access to HSHS' network. While the incident and the resulting outage have all the signs of a ransomware attack, no ransomware operation has claimed the breach.
2/7/2025
430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations | SecurityWeek
The personal and health information of over 430,000 individuals was compromised in October and November 2024 data breaches at Allegheny Health Network (AHN) and University Diagnostic Medical Imaging (UDMI). UDMI, a medical imaging center in New York, says threat actors accessed certain information on its systems for a brief period on November 26, before the suspicious activity was discovered. The Pittsburgh, Pennsylvania-based AHN told the HHS that 292,773 patients were affected by a data breach resulting from an October 2024 cyberattack on third-party contractor IntraSystems, responsible for hosting certain systems for AHN’s subsidiaries Home Medical Equipment and Home Infusion.
2/3/2025
Middletown-based Community Health Center, Inc., which runs dozens of clinics across Connecticut, reported a January data breach that potentially exposed the medical records and Social Security numbers of more than 1 million patients — including those who got COVID tests and vaccines from the clinics during the pandemic. The breach, which involved a “skilled criminal hacker,” was discovered on Jan. 2 and exposed a range of patient personal information. So far there is no indication the personal information has been misused, the clinic said.
2/3/2025
Asheville Eye Associates and Delta County Memorial Hospital District disclosed separate data breaches that impacted hundreds of thousands of individuals. Asheville Eye Associates has told the US Department of Health and Human Services that 193,306 individuals were impacted by the data breach. Non-profit hospital district Delta County Memorial Hospital informed the Maine Attorney General’s Office that hackers had compromised the personal information of 148,363 people in a May 2024 cyberattack.
2/21/2025
Star Solution Services Provides Notice of Data Breach Affecting Over 27k Individuals
On February 5, 2025, Star Solution Services, Inc. (“Star Solution”) filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party was able to access portions of the company’s IT network on March 10, 2024. The incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names and Social Security numbers.
2/6/2025
McKinney, Texas, Breach May Have Exposed Data of Nearly 18,000 | Government Technology
McKinney announced this week a data breach may have exposed the personal or sensitive data of nearly 18,000 people when an unknown third party gained unauthorized access to the city’s network on Oct. 31. A city spokesperson said there is no indication of any actual or attempted misuse of personal information, but filings identify 17,751 people notified of the breach “out of an abundance of caution.”
2/4/2025
Grubhub confirms data breach, both drivers and customers are affected | Mashable
According to Grubhub, the malicious actor was able to gain entry into its systems via a third-party vendor that provides services for Grubhub's support team. It's unclear just how big the data breach is. Grubhub says an investigation found that the intrusion was carried out through an account connected to a third-party service provider. Upon noticing the intrusion, Grubhub said they immediately removed the compromised account's access and terminated the service provider entirely from their systems.
2/24/2025
Nuna Baby Essentials Sends Data Breach Following Recent Cybersecurity Incident | JD Supra
On February 21, 2025, Nuna Baby Essentials, Inc. (“Nuna Baby”) filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party was able to access consumers’ sensitive information in the company’s possession. Upon completing its investigation, Nuna Baby began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
2/19/2025
Tech investment firm Insight Partners discloses data breach | Cybersecurity Dive
Insight Partners suffered a data breach in January stemming from what it described as “a sophisticated social engineering attack.” The private equity and venture capital firm said it initially detected unauthorized access to “certain Insight information systems” on Jan. 16 but did not specify what types of systems or data were affected by the cyberattack.
2/12/2025
Hacker allegedly puts massive OmniGPT breach data for sale on the dark web | CSO Online
A BreachForums user “Gloomer” reportedly made a post, offering samples of the allegedly stolen data. “This leak contains all messages between the users and the chatbot of this site, as well as all links to the files uploaded by users and also 30k user emails.” If the claim checks out, victims face a number of security risks, including account takeover, unauthorized access, identity theft, phishing and social engineering attacks, malware infections, and financial and reputational damages. OmniGPT has not publicly acknowledged the breach or any attack.
2/7/2025
HPE begins notifying data breach victims after Russian government hack | TechCrunch
Hewlett Packard Enterprise has begun notifying individuals whose personal information was stolen during a 2023 cyberattack, which the company blamed on Russian government hackers. HPE said the hackers used “a compromised account to access internal HPE email boxes in our Office 365 email environment.” HPE later told regulators that the stolen mailbox data predominantly belonged to individuals in HPE’s cybersecurity, go-to-market, and business teams. HPE spokesperson Adam R. Bauer declined to disclose the total number of individuals affected by the breach.
This month’s data breach compilation serves as yet another reminder that most breaches are not inevitable—they are preventable. The root cause of major incidents can be traced back to compromised credentials, misconfigurations, and a lack of proactive security controls. As attackers refine their techniques, organizations relying on outdated, reactive security models remain easy targets.
The path forward is clear: enforce strict access controls, implement least-privilege policies, and adopt zero-trust principles to reduce attack surfaces and limit lateral movement. Security should be dynamic, adapting in real time to evolving threats—not just reacting to incidents after damage is done.
Built on the principle of continuous verification, Pomerium is a zero-trust reverse proxy that enables organizations to secure access to critical resources dynamically and contextually—without a VPN. By authenticating, authorizing, monitoring, and securing every access request, Pomerium helps companies stay ahead of threats and prevent breaches before they happen.