From education and healthcare to financial services and global supply chains, data breaches continued to grow not just in frequency in 2025, but in scale and sophistication. Many of the most damaging incidents weren’t caused by zero-day exploits or advanced tactics, but rather succeeded because of basic cybersecurity gaps, such as stolen credentials, misconfigurations, unpatched systems and unsecured third-party access.
We’ve seen firsthand how the right cybersecurity fundamentals, when implemented consistently, can dramatically reduce risk. Below are some of the most impactful data breaches our team discussed in 2025, along with key lessons businesses can learn from them.
Major data breaches of 2025 and what went wrong
PowerSchool Breach – January 2025
PowerSchool, a widely used education technology platform, suffered a breach between December 2024 and January 2025 that impacted approximately 62.4 million students and 9.5 million teachers. The exposed data included personally identifiable information (PII), creating serious privacy concerns across school districts nationwide, including here in Texas.
How it happened
The attack originated from compromised credentials, which were then used to access internal systems. The attackers attempted extortion, threatening to release sensitive data unless a multi-million-dollar ransom was paid. PowerSchool paid the ransom but saw more than $14 million in losses following the fallout.
How it could have been prevented
- Enforcing multi-factor authentication (MFA) across all privileged and user accounts
- Implementing credential monitoring and detection
- Applying least-privilege access to limit what compromised credentials can access
Yale New Haven Health – April 2025
A cyberattack on Yale New Haven Health, a Connecticut-based healthcare system, exposed 5.5 million patient records, including sensitive medical and health information such as names, dates of birth, addresses, contact information, Social Security numbers and medical record numbers. Healthcare remains one of the most targeted sectors due to the value of protected health information (PHI).
How it happened
The exact intrusion method has not been detailed, but attackers likely exploited weaknesses in network security controls and internal defenses to gain access.
How it could have been prevented
- Continuous security monitoring and threat detection
- Network segmentation to isolate sensitive systems
- Routine penetration testing and vulnerability assessments
University of Pennsylvania – November 2025
In an unusual case, the University of Pennsylvania experienced two separate breaches in the same month, resulting in the exposure of more than 1.3 million credentials, including names, birthdates, addresses, phone numbers, donation history and other personally identifiable information (PII).
How it happened
The first data breach involved a threat actor gaining unauthorized access to the email system using compromised user credentials. The second data breach was related to a third-party software hack that exploited a security vulnerability.
How it could have been prevented
- Strong identity and access management (IAM) controls, including multi-factor authentication (MFA), VPN-protected remote access and routine cybersecurity training for employees
- Regular patch management and software updates
- Extensive third-party risk assessments and vendor security reviews
Mars Hydro – February 2025
Mars Hydro, a manufacturer of Internet of Things (IoT) devices, experienced a significant data breach after a database was found to be publicly accessible and easily downloadable, resulting in the exposure of 2.7 billion records. The data included highly sensitive information such as Wi-Fi networks, passwords, emails, IP addresses and more.
How it happened
This breach is a good example of how human error and misconfiguration can be just as dangerous as malware. A misconfigured, non-password-protected database was left exposed to the internet.
How it could have been prevented
- Proper data security practices, including data encryption for sensitive data
- Cloud hosting in secure, private environments
- Automated misconfiguration detection
- Clear ownership and accountability for cloud and security protocols
Ingram Micro – July 2025
Ingram Micro, a global distributor of IT products and services, suffered a ransomware attack that disrupted its operations worldwide for several days, resulting in an estimated $136 million in daily impact and the theft of 3.5 terabytes of data.
How it happened
The attack likely originated from an unpatched or misconfigured VPN accessed with stolen credentials, which allowed the attackers to deploy malware across the environment.
How it could have been prevented
- Consistent patching of the remote access infrastructure
- Implementing strong zero-trust principles for VPN and remote connectivity
- Endpoint detection and response (EDR) with real-time alerts
While these breaches affected different industries and organizations, the root causes were strikingly similar. Stolen or weak credentials, misconfigured systems, unpatched software and insufficient monitoring led to billions of compromised records. The lesson for businesses is clear: cybersecurity is no longer optional, reactive or “nice to have.”
Strong cybersecurity fundamentals, including identity protection, patch management, cloud security and continuous monitoring, are needed for organizations to stay resilient (and out of the headlines).
By now, it’s clear that the question isn’t if threat actors will try, but whether your defenses are ready. Computer Solutions is a leading Texas-based MSP, supporting Texas businesses with managed IT services and solutions. Contact us today for IT support, cybersecurity assessments and cybersecurity risk management.