Image
May 29, 2025

Major Data Breaches & Hacking News in May 2025

Major Data Breaches & Hacking News in May 2025
May 29, 2025
Cyberattacks continue to hit organizations across industries, compromising the personal data of millions. From health care providers to tech vendors, no sector is immune — and the consequences for individuals can be serious. The latest organizations affected include Serviceaide, Onsite Mammography, Hertz, Yale New Haven Health, Frederick Health Medical Group, and Verisource Services. Get the details on these breaches below and learn how you can better protect your personal information from becoming the next target.
Icon
Serviceaide

Organization Description: Serviceaide is a software development company based in San Jose, California, specializing in AI-powered solutions for IT and workflow management.

Breach Size: 483,000 people

Data Exposed: An unsecured Serviceaide database exposed the personal and medical information of 483,000 patients of the six-hospital health care system, Catholic Health, which is located in Buffalo, New York. Serviceaide provides information technology support management services to Catholic Health, which requires access to patients’ electronic protected health information. Leaked data includes names, dates of birth, Social Security numbers, medical record numbers, patient account numbers, medical information, health insurance information, provider names and locations, and email/usernames and passwords.

Icon
Onsite Mammography

Organization Description: Onsite Mammography is a Massachusetts-based medical imaging services provider that operates under the Onsite Women’s Health brand.

Breach Size: 350,000 people

Data Exposed: A phishing attack led to unauthorized access of an employee email account at Onsite Mammography, compromising the personal and health information of over 350,000 patients. The breach, discovered in October 2024, exposed data such as Social Security numbers, medical records, and credit card details.

Icon
Hertz

Description: Hertz is a vehicle rental company that also operates Dollar Rent-A-Car and Thrifty Car Rental.

Breach Size: 100,000 people

Data Exposed: Hertz has notified customers of a data breach involving third-party vendor Cleo Communications, which occurred in October and December 2024. While Hertz's own systems were not compromised, sensitive customer information including Social Security numbers and credit card data may have been exposed. The breach was confirmed after an investigation concluded in April 2025. Hertz states there is no evidence of fraud and that Cleo has taken steps to address the issue.

Icon
Yale New Haven Health

Organization Description: Yale New Haven Health is a nonprofit health care system in New Haven, Connecticut, that includes five acute-care hospitals, a medical foundation, outpatient facilities, and multispecialty centers.

Breach Size: 5.5 million people

Data Exposed: Yale New Haven Health experienced a cyberattack in March 2025, resulting in the theft of personal data from approximately 5.5 million patients. This makes it the largest healthcare data breach to be reported so far this year. The compromised information includes names, birthdates, contact details, Social Security numbers, and medical record numbers, though electronic medical records and financial data were not affected.

Icon
Frederick Health Medical Group

Organization Description: Frederick Health Medical Group in Maryland offers a variety of specialties and operates a hospital.

Breach Size: 934,326 people

Data Exposed: A ransomware attack on January 27, 2025, at Frederick Health Medical Group compromised the personal and health information of 934,326 patients. The stolen data includes names, birthdates, Social Security numbers, and medical records. The name of the ransomware group behind the attack was not disclosed, and it is unclear if the ransom was paid.

Icon
Verisource Services

Organization Description: Verisource Services is an employee benefits administration service provider based in Houston.

Breach Size: 4 million people

Data Exposed: Verisource Services has revealed that a data breach initially thought to affect just over 1,000 individuals may have impacted up to 4 million. The February 2024 hacking incident compromised sensitive data including Social Security numbers and health information of employees and dependents of clients who use its services. The full scope wasn’t confirmed until April 2025, over a year later. Verisource has since reported the breach to federal authorities and implemented stronger security measures. 

Hacking & Phishing News
Double Extortion

Double Extortion is a cyberattack strategy commonly used in ransomware attacks where cybercriminals not only encrypt a victim’s data to make it inaccessible but also steal a copy of that data. The attackers then demand a ransom for two reasons: to provide the decryption key needed to restore access to the data and to prevent the stolen information from being publicly exposed or sold. This approach increases the pressure on victims to pay, even if they have secure backups, because the threat of sensitive data being leaked or misused poses serious legal, financial, and reputational risks.

Data Scraping

Data scraping is the process of automatically collecting large amounts of information from websites or online platforms using software tools or scripts. It allows people or companies to extract specific data — such as product prices, contact details, or social media content — without manually copying it. While data scraping can be used for legitimate purposes including market research or competitive analysis, it can also raise ethical and legal concerns, especially when done without permission or when it involves personal or copyrighted information.

GET PROTECTED

The rise in recent data breaches shows just how relentless cybercriminals have become in their quest to access personal and financial information. Whether it's a school, a bank, or a well-known brand, no organization is immune — and that means individuals are at risk. While practicing good cyber habits like using strong passwords and avoiding suspicious links is important, it's not always enough. That’s why IDSeal® offers identity theft protection that goes beyond prevention. From real-time monitoring and instant alerts to 24/7 Identity Theft Recovery Support, IDSeal is here to help you respond quickly and confidently if your information is ever compromised.

Stay connected with us on social media for the latest updates on data breaches and cybersecurity threats as they happen. Don’t wait to become a victim — start protecting your identity now!

Related Articles
Featured image for “Major Data Breaches & Hacking News in June 2024”

Major Data Breaches & Hacking News in June 2024

June 27, 2024While many people across North America were celebrating the end of school, Father’s Day and the beginning of summer this June, identity thieves were celebrating major wins in data breaches. Companies such as Live Nation, Christie’s, Truist Bank, KeyTronic, Panera Bread, and Frontier have all faced significant security…
Featured image for “IDSeal® allows you to independently manage your identity”

IDSeal® allows you to independently manage your identity

As we celebrate Independence Day this month, it’s a perfect time to reflect on the true essence of independence. Just as our nation values freedom and self-governance, it’s equally important to adopt a mindset of personal responsibility in our everyday lives. One critical area where this mindset is essential is…

Start protecting your identity today! Signing up is quick & easy

Remember, 1-in-4 Americans are the victim of identity theft. It's not a matter

of if you'll become a victim, it's when...

Get Protected