No Industry Is Immune: Inside the Latest Major Data Breaches Exposing Millions

The most recent data breaches underscore some troubling trends, proving that no industry is safe from attacks. Millions of records have been exposed thanks to phone-based phishing attacks against higher education institutions like Harvard University and Princeton University, breaches at health care organizations such as Delta Dental of Virginia, and those at SitusAMC, 700Credit, and Marquis Software Solutions, all part of the typically vigilant financial services industry. Together, these incidents highlight just how frequently trusted organizations are being compromised and why protecting your identity has never been more important. 

 

In this blog post, we break down what happened in these cyberattacks, what personal information was exposed, and what steps you can take to protect yourself before your own data becomes compromised.  

 

Harvard University 

Organization Description:
Harvard University is a private, non-profit research university and the oldest university in the United States. 

Breach Size: Undisclosed 

Data Exposed:
In late November, Harvard University suffered a data breach involving its Alumni Affairs and Development systems which exposed personal information tied to students, alumni, donors, and faculty. Impacted data included email addresses, phone numbers, home and business addresses, donation histories, and other biographical data used for fundraising and alumni engagement. The Harvard data breach occurred after attackers used phone-based voice phishing (vishing) to gain unauthorized access to internal systems. 

 

Princeton University 

Organization Description:
Princeton University is a private, non-profit higher education institution and world-class research university. 

Breach Size: 100,000 people 

Data Exposed:
The Princeton University data breach was the result of a phone-based phishing attack that compromised its advancement database, exposing the personal information of at least 100,000 alumni, donors, students, and other university community members. Exposed data included names, email addresses, phone numbers, and fundraising engagement records. At least two class-action lawsuits have been filed against Princeton following this November breach. 

 

Delta Dental of Virginia 

Organization Description:
Delta Dental of Virginia is a not-for-profit dental benefits carrier providing dental insurance and vision plans. 

Breach Size: 145,918 people 

Data Exposed:
Virginia’s largest dental benefits carrier experienced a data breach earlier this year involving unauthorized access to an employee’s email account. This incident potentially exposed personally identifiable information (PII) and protected health information (PHI), including names, Social Security numbers, driver’s license or government ID numbers, and health insurance and medical information. This is just one of the many recent data breaches impacting the health care industry — the largest health care data breach of this year at Conduent Business Solutions affected 10.5 million people. 

 

SitusAMC 

Organization Description:
SitusAMC is a technology and services provider for the real estate finance industry. 

Breach Size: 100+ financial institutions 

Data Exposed:
First detected by the company in mid-November, the SitusAMC breach exposed sensitive corporate and financial data tied to more than 100 financial institutions, including major banks like JPMorgan Chase, Citi, and Morgan Stanley. Exposed data included accounting documents, legal agreements, and client-related records. The full scope of the attack is still under investigation by SitusAMC and the FBI. This goes to show that even in the financial sector, often considered one of the best-defended industries against cyberattacks, vulnerabilities can still be found and exploited by cybercriminals. 

 

700Credit, LLC 

Organization Description:
700Credit, LLC is a financial technology company providing credit reporting, identity verification, and fraud prevention for vehicle dealerships. It is a reseller of credit reports from all three major credit bureaus. 

Breach Size: 5.8 million people 

Data Exposed:
The 700Credit data breach occurred after a third-party partner system was compromised. Hackers were able to access personal data tied to credit reports and identity verification services for some customers of its approximately 20,000 dealership clients. Exposed data included names, addresses, dates of birth, and Social Security numbers. 

 

Marquis Software Solutions 

Organization Description:
Marquis Software Solutions (GoMarquis) provides digital marketing and compliance services for banks and credit unions. 

Breach Size: 400,000 people 

Data Exposed:
The result of a ransomware attack, the Marquis Software Solutions breach involved hackers exploiting a SonicWall firewall vulnerability and gaining access to sensitive customer data from over 74 U.S. banks and credit unions. Exposed data included names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, dates of birth, and limited financial account information. So far, notifications have been filed in Maine, Iowa, and Texas. Following the incident, Marquis has reportedly enhanced its security by patching its firewalls, enabling multi-factor authentication, and applying geo-IP filtering to restrict which connections are allowed.  

Hacking & Phishing News 

 

Code Injection 

Code injection is a method for exploiting computer security systems in which attackers inject a program with malicious code, bypassing existing security mechanisms. The program then interprets this data as executable commands, allowing hackers to access sensitive information, compromise restricted systems, or spread malware. This type of attack is made possible when an application is running on poorly written code, allowing hackers to exploit security flaws.   

 

Application Layer Attack  

An application layer attack occurs when hackers exploit web application vulnerabilities, stolen credentials, or weak access controls to access data through the application itself. This technique was used in the 700Credit breach, when attackers accessed data through the 700Dealer.com web application, exposing millions of consumer records while 700Credit’s internal networks remained secure. 

 

With IDSeal®, safeguarding your personal information goes beyond just monitoring — it’s about proactive identity theft protection, early detection, and expert recovery support. We continuously scan for exposed personal data, including on data broker and people-finder sites with our new Personal Data Removal tool, ensuring your information is removed before bad actors can get their hands on it. If the rise of cybercrime, phishing attacks, and data breaches proves one thing, it’s the importance of proactive identity protection. 

 

Stay informed on the latest cybersecurity news, identity theft trends, and data breach updates by following us on social media — and take steps now to protect your identity and financial future before it’s too late.