Major Data Breaches & Hacking News in July 2025

Cyberattacks are showing no signs of slowing down — and July 2025 was especially alarming. 64 million records were compromised in a breach involving McDonald’s alone. Add in millions more from companies like Episource (5.4M) and Ahold Delhaize USA (2.2M), it’s clear that personal information is under siege. These leaks may include sensitive data such as passwords, health records, and device access, increasing the risk of malware and identity theft for everyday users.

McDonald’s

Organization Description: McDonald’s is an international fast-food restaurant company.

Breach Size: 64 million people 

Data Exposed:  A massive McDonald’s data breach exposed the personal information of up to 64 million job applicants. The breach stemmed from basic security flaws in McHire, the applicant screening platform powered by Paradox.ai’s Olivia chatbot. Researchers found that an admin account — used by 90% of McDonald’s franchisees — was protected by the default password “123456.” This simple vulnerability granted access to years of job applications, including names, email addresses, and phone numbers, underscoring the risks of weak security in AI-driven hiring tools.  

Episource 

Organization Description: Episource is a UnitedHealth subsidiary that provides medical coding, risk adjustment services, and software solutions for health care providers and health plans. 

Breach Size: 5,418,866 people 

Data Exposed: The breach at Episource is the second-largest health care data breach so far this year, exposing highly sensitive personal and medical data including names, dates of birth, physical addresses, email addresses, phone numbers, insurance plan details, Medicaid IDs, Social Security numbers, diagnoses, test results, medications, images, and treatments. Episource confirmed that no banking or payment card information was compromised during the incident.

McLaren Health Care 

Organization Description: McLaren Health Care is a nonprofit, integrated health care system that operates a network of hospitals, ambulatory surgery centers, physician practices, and other health-related services. 

Breach Size: 743,131 people 

Data Exposed: The investigation into a 2024 ransomware attack on McLaren Health Care was completed recently, identifying the exposure of personal and protected health information. This included names, Social Security numbers, driver’s license numbers, insurance details, and medical information. 

Ahold Delhaize USA 

Organization Description: Ahold Delhaize USA operates under the umbrella of Ahold Delhaize, a multinational food retail group with several supermarket and e-commerce brands. 

Breach Size: 2,242,521 people 

Data Exposed: The attack on Ahold Delhaize USA compromised personal, financial, and health data that included names, mailing and email addresses, phone numbers, dates of birth, government-issued IDs, bank account information, workers’ compensation and medical details, and employment records. The company has clarified that while customer-facing pharmacy and e-commerce systems remained unaffected, the breach did involve internal business data — including sensitive employment and health-related files — though no customer credit card numbers were found among the stolen data.

Esse Health 

Organization Description: Esse Health is a physician-owned primary care group in the St. Louis metropolitan area. 

Breach Size: 263,601 people 

Data Exposed: The attack on Esse Health compromised personal and health information including names, addresses, dates of birth, insurance details, medical record numbers, and patient account numbers. The organization confirmed that no Social Security numbers were stolen, and its NextGen electronic medical record system remained secure. 

Pierce County Library System 

Organization Description: Pierce County Library System is a public library system located in Pierce County, Washington. 

Breach Size: 336,826 people 

Data Exposed: The stolen data from Pierce County Library’s network included names and dates of birth, disrupting many library services such as the catalog and applications for library cards. The ransomware group “Inc” took credit for the breach, publishing samples such as images of driver’s licenses, passports, and internal documents totaling around 1.94 TB.

Hacking & Phishing News  

Data Exfiltration

Data exfiltration is the unauthorized transfer or theft of data from a computer, network, or digital system to an external source, typically carried out by cybercriminals after gaining access through a security vulnerability or breach. This process is often performed stealthily to avoid detection and can involve personal, financial, or sensitive organizational data. 

 

 

Initial Access Broker (IAB)

Initial Access Broker is when hackers use hidden software (malware) on your device to secretly collect your usernames and passwords. It happens while you’re logging into websites or apps, and you usually don’t know that it’s happening. In some cases, hackers also gather passwords from leaked databases or phishing scams. The stolen passwords are then sold or used to break into your accounts — especially if you reuse the same password across different sites. 

 

 

The recent data breaches at companies like McDonald’s and Episource reveal how cybercriminals are using advanced tactics like data exfiltration and Initial Access Brokering (IAB) to steal sensitive information. In McDonald’s case, attackers gained admin access and quietly extracted 64 million job applicant records. Meanwhile, IAB tactics — such as malware that captures login credentials — may have helped hackers infiltrate systems at Episource, putting millions at risk. These methods show how easily stolen data can spread once access is gained. 

That’s why protecting your personal information with a trusted service like IDSeal® is crucial. IDSeal continuously monitors your data, detects suspicious activity, and helps shield you from phishing attempts, giving you peace of mind in an increasingly risky digital world. 

Stay connected with us on social media for the latest updates on data breaches and cybersecurity threats as they happen. Don’t wait to become a victim — start protecting your identity now!