Major Data Breaches & Hacking News in August 2025

Cyberattacks aren’t letting up — and the latest breaches are proof. In recent weeks, Change Healthcare, The Alcohol & Drug Testing Service, Allianz Life, DaVita, Columbia University, and Next Level Finance Partners collectively exposed more than 4.5 million records! Incidents like these can put highly sensitive personal information at risk, heightening the chance of identity theft, account takeover, and malware-driven fraud. 

 

Read on to stay up to date with the latest breaches — including one breach affecting 192.7 million people — and learn how you can protect yourself, your data, and your devices with IDSeal®. 

Change Healthcare 

Organization Description: Change Healthcare is a health care technology company that is part of Optum and owned by UnitedHealth Group. It connects providers, payers, and patients within the U.S. health care system. 

 

Breach Size: 192.7 million people 

 

Data Exposed: Change Healthcare suffered a massive ransomware attack that compromised the personal and protected health information of approximately 192.7 million individuals. The breach occurred when cybercriminals exploited a vulnerable Citrix remote access service that lacked multi-factor authentication, resulting in unauthorized access to sensitive data. The stolen information included health insurance IDs, patient diagnoses, treatment details, Social Security numbers, and billing codes. Despite paying a $22 million ransom, the data was not recovered. The ransomware group shut down its operation without paying its affiliate, and the affiliate retained a copy of the stolen data — leading to widespread disruptions in health care services and significant financial losses. 

The Alcohol & Drug Testing Service 

Organization Description: The Alcohol & Drug Testing Service provides workplace and individual alcohol and drug testing service in Texas and other states.

 

Breach Size: 748,763 people 

 

Data Exposed: The Alcohol & Drug Testing Service experienced a breach of its network by an unauthorized character, compromising personal data and protected health information. This included information such as names, dates of birth, Social Security numbers, driver’s license/government-issued IDs, passport numbers, bank and financial details, credit/debit card information, usernames and passwords, health insurance details, biometric information, and other personal identifiers. 

Allianz Life   

Organization Description: Allianz Life is an insurance company specializing in life insurance and annuity products. 

 

Breach Size: 1.1 million people 

 

Data Exposed: Allianz Life Insurance Company of North America had a significant data breach impacting 1.1 million people — the majority of its 1.4 million U.S. customers. The breach occurred when cybercriminals exploited a third-party cloud-based customer relationship management system using social engineering tactics. This attack compromised sensitive personal information, including names, addresses, and dates of birth, as well as some Social Security numbers.  

DaVita 

Organization Description: Headquartered in Denver, DaVita is one of the largest dialysis service providers in the United States. 

 

Breach Size: 916,000 people 

 

Data Exposed: DaVita experienced a ransomware attack that compromised nearly 916,000 individuals’ personal, financial, and medical information. The Interlock ransomware group claimed responsibility for the breach, saying they took 1.5 terabytes of DaVita’s data. The compromised data encompassed names, addresses, Social Security numbers, medical records, tax ID numbers, health insurance information, and images of checks made out to the company.  

Columbia University 

Organization Description: Columbia University is a private, Ivy League university in New York City.  

 

Breach Size: 868,969 people 

 

Data Exposed: Columbia University had a data breach that compromised the personal information of approximately 868,969 individuals, including current and former students, applicants, employees, and their family members. The breach, which was discovered following a system outage, was caused by unauthorized third-party access to the university’s network, resulting in the theft of around 460 GB of data. The exposed information includes names, dates of birth, Social Security numbers, contact information, academic history and admissions records, financial aid-related information, demographic details, insurance-related information, and certain health data. 

Next Level Finance Partners 

Organization Description: Next Level Finance Partners is a debt settlement company based in Pennsylvania doing business as Century Support Services. 

 

Breach Size: 160,759 people 

 

Data Exposed: Next Level Finance Partners experienced a data breach that compromised the personal information of over 160,000 individuals — more than half of its client base. Compromised information includes full names, dates of birth, Social Security numbers, driver’s license or state-issued ID numbers, passport numbers, medical and health insurance information, financial account details, and digital signatures. 

 

Hacking & Phishing News  

Dark Web Dump

 

A dark web dump is when hackers steal personal or financial information — like Social Security numbers, credit card details, or login credentials — and post it on hidden websites, called the dark web. These dumps can be bought, sold, or shared by criminals, which puts your identity and money at risk.  

For example, imagine a hacker steals a list of usernames, passwords, and credit card numbers from a company’s database, then posts these on a hidden website where other criminals can buy or trade it. If your information is on that list, someone could use it to make purchases, access your accounts, or commit identity theft.

 

Exit Scam 

 

An exit scam happens when cybercriminals take ransom payments but never provide the promised decryption key. In some cases, ransomware-as-a-service operators shut down suddenly and keep all the money collected from victims and affiliates. Instead of recovering their stolen data, organizations are left facing both data and financial loss.  

This is exactly what happened with the Change Healthcare breach. Once the ransomware was paid, the ransomware group shut down its operation without paying its affiliate, and the affiliate retained a copy of the stolen data. They took this to another ransomware group that sought additional payment, however, no second payment was made — and the data was not recovered, despite the initial payment. This goes to show that even payment doesn’t guarantee data recovery, adding another layer of risk to ransomware incidents. 

 

The Change Healthcare breach — along with the recent data breaches at Columbia University and Allianz Life — demonstrate how hackers exploit personal data. In each case, stolen information ended up in dark web dumps, where criminals can buy, sell, or trade it. With IDSeal, you don’t have to wait for a breach to know if your information is at risk. Our services monitor your personal data around the clock, scan the dark web for leaks, and alert you immediately if suspicious activity is detected — so you stay protected even when major breaches make headlines. 

 

Stay connected with us on social media for the latest updates on data breaches and cybersecurity threats as they happen. Don’t wait to become a victim — start protecting your identity now!