Social engineering and phishing are involved in 70% - 90% of data breaches. No other root cause of malicious hacking (e.g., unpatched software and firmware, eavesdropping, cryptography attacks, physical theft, etc.) comes close. In fact, if you add up all other causes for successful cyberattacks together, they do not come close to equaling the damage done by social engineering and phishing alone.

Popularly known as text messages, SMS messages are one of the widely used communication channels by Americans. They are generally used for various purposes. For instance, besides being a channel of communication among individuals, several millions of Americans rely on SMS systems to access and secure their social media, email, and online banking accounts, particularly through OTPs (one-time-passcodes), which are typically delivered via SMS.

Recently, the security team at LEAKD.COM discovered that about 5 million United States credit cards and users’ personal details had been leaked online. This discovery came about when the security team found 5 terabytes of sensitive data exposed on an unsecured Amazon S3 bucket, a cloud storage service provided by Amazon Web Services that is used to store customer information. According to the security team at LEAKD.COM, the party responsible for this credit card leak/breach remains unknown.

Established in 1920, Scholastic is an American-based multinational and the largest publisher and distributor of children’s books globally. The company’s global headquarters is in New York City. It offers digital and print resources to support learning for pre-kindergarten to grade 12 students. Some of the corporation’s popular children's book series are Clifford the Big Red Dog, Harry Potter, Goosebumps, SPY, Animorphs, and Hunger Games.

With widespread remote work and global access, organizations face mounting challenges in securing user identities against sophisticated threats. One critical identity risk signal is impossible travel, where a user appears to log in from two unrecognized, geographically distant locations within an unrealistic timeframe, indicating the possibility of compromised credentials or session hijacking.

PowerSchool, a widely used cloud-based and on-premises platform, experienced a data breach reported on December 28, 2024. The platform helps K-12 schools manage student and teacher information, including Personally Identifiable Information (PII), attendance records, grades, medical information, and Social Security numbers. The breach affected both cloud and on-premises customers after a compromise of maintenance account credentials allowed the threat actor to exfiltrate sensitive data.

In 2024, the public sector faced a number of data breaches, highlighting the vulnerability of government agencies and public institutions in the face of evolving cyber threats. From leaked sensitive data to ransomware attacks targeting critical infrastructure, these incidents exposed significant gaps in cybersecurity measures. As cybercriminals grow more sophisticated, the stakes for protecting personal and national data have never been higher.

Third-party incidents, critical infrastructure threats and regulatory fines for cyber attacks have all risen in 2024. Here’s how to avoid them in 2025. With over one billion records exposed and over $1 billion in regulatory fines issued, 2024 was a record-breaking year for data breaches - in more ways than one.

While cyber criminals continue to devise ever more creative ways to get into systems, the outcomes of repeat like a broken record: stolen data and lost money. It happened in again and again this year, but our pick proves the stakes are only getting higher with time. We'll explain the logic behind the list, impacts felt, and key takeaways.