The rate and ramifications of data breaches are alarming and widespread in today’s digitally connected world. Everyone is vulnerable – from government agencies to gig workers. This blog will explore everything you need to know about them: what a breach of data, major data breaches just this year, such as the recent 16 billion passwords leak, and some of the biggest companies impacted ─ AT&T, Ticketmaster, Change Healthcare, Sony, and so many more. You’ll also learn how you can defend yourself if you discover a breach of your own data, and if you can take legal action.

What is a Data Breach?

A data breach is the unauthorized access and/or theft of sensitive data, which can include PII (personal data), payment information, clinical data, intellectual property etc. Data breaches can result from:

• Hacking
• Malware (i.e. ransomware)
• Phishing assaults
• Insider threats
• Misconfiguration of databases or cloud servers

Data breaches can lead to anything from identity theft and financial fraud, to substantial reputational damage.

What are National/Public Data Breach Registries?

In the United States, all 50 states have statutory mandatory breach notification laws that require institutions to report breaches involving personal data, generally requiring them to report such breaches within 30 to 45 days.

The proposed National Public Data Breach Registry (NPDBR) is intended to document breaches centrally, making it easier for individuals to identify which breaches included their data – while also operating in conjunction with existing state laws to provide individuals with additional protections.

Major Data Breaches in 2024–2025

1. The 16 Billion Password Mega-Leak (2025

• Arguably the biggest data leak in internet history, the leak affected over 16 billion usernames and passwords in a compilation called “RockYou2024.”
• The leak was found on a hacker forum and appears to be an updated dump from older breaches such as LinkedIn, MyFitnessPal, and others — now combined into one large file.
• Unlike a breach from a single company, this “mother of all breaches” of MOAB, including credentials from numerous platforms over the course of many years.

2. Change Healthcare Data Breach

• Confirmed in early 2024, affected millions of patients.
• The data included medical data, insurance information, and prescription history for patients.
• The breach is legitimate and has also been confirmed in different investigative reports.
• Victims are already reporting incidents of identity theft and bad debts.

3. AT&T Data Breach

• A breach containing over 70 million customer records, which includes Social Security numbers.
• Some users are asking “Did AT&T really get breached?” The answer is yes, and considered to be one of the biggest telecom breaches, ever.
• Many users wouldn’t even know about the breach until their personal information started appearing on the dark web.

4. Ticketmaster Data Breach

• Names, email addresses, and partial credit card information was exposed.
• Hackers involved in the breach claim to have data from more than 500 million customers globally.
• If you’ve purchased online tickets for concerts or events, you may have been affected.

5. Sony Data Breaches

• Sony has been breached multiple times in the last decade.
• In 2024, another attack uncovered internal emails, source code, and employee data.
• The breach was claimed by a group that performs ransomware attacks and demanded payment in cryptocurrency.

6. Capital One and Equifax – Still Applicable

• The Equifax (2017) and Capital One (2019) breaches are still affecting individuals.
• You can still see whether you were affected and file for compensation through their respective settlement programs.
• Many users are still wondering, “Is the Equifax data breach settlement real?” Yes, it was real although payouts have been slow.

How Do Data Breaches Happen?

Common Attack Vectors:

• Phishing – victim is tricked into revealing credentials
• Malware & Infostealers – spyware is installed to capture data from devices directly
• Password reuse – makes it easier to leverage stolen credentials
• Unpatched software and misconfigured servers – which leaves doors open into information technology systems.
• Lack of basic security controls: like MFA, as shown in the Change Healthcare breach
• Third-party vendors and supply chain vulnerabilities.

Who Has Been Impacted and What Are The Implications?

• Are you worried about the Change Healthcare breach? Victims of the breach number in the millions and include patients served by UnitedHealth, and other insurance and healthcare organizations.
• These victims remain vulnerable to compromised data (i.e. SSNs, diagnoses, insurance ID numbers).
• AT&T did a leak of metadata – essentially every retail wireless customer. They were notified after the fact, raising questions of transparency.
• 16 billion credential leak – Any potential victim can be found on virtually any big online platform.
• There are millions of Ticketmaster and Sony victims – check to see if there are offers for alerts and utilize credit monitoring.

How To Check If Your Data Has Been Hacked

• Go to HaveIBeenPwned.com.
• Use the “Security Checkup” feature on Google Password Manager.
• For Healthcare cases, check Change’s notification of guidance, or HHS-national portals.
• Check donations via Equifax, TransUnion, and Experian.
• Be on the lookout for breach emails from services (look for phishing impersonations)

What To Do If Your Data Gets Hacked?

1. Change passwords as they were compromised, and any previously reused passwords !
2. Use MFA on every account.
3. Freeze your credit at Equifax, Experian, and TransUnion.
4. Look at bank/card statements and credit reports thoroughly for any incorrect or suspicious activity
5. Get enrolled in identity monitoring services (usually offers are made after a breach).
6. Report the breach to the FTC (US), ICO (UK), or other government agencies.
7. Watch for settlements (for example, Enzo Biochem, Ticketmaster, Change Healthcare)

Can You Sue After a Data Breach?

Yes, if you can prove:

• Negligent, meaning failure to follow industry standards concerning their protection of your data
• Delays, or no notice
• Proven damages, such as identity theft, fraud, emotional distress, etc.

Ongoing legal actions involve:

• AT&T for exposing phone records
• Change Healthcare for leaking patient data on a national scale
• Ticketmaster for exposing payment information
• Enzo Biochem for instance, claimed $10,000 due to settlement

Should I Freeze My Credit?

Yes! Freezing your credit can help prevent any fraudulent lines of credit being opened. This is even more important when your dox is included and/or financial or identity data is leaked. You can unfreeze it with ease.

How to Prevent Data Breaches

As individuals:

• Use a password manager
• Do not ever reuse passwords
• Use MFA any and everywhere.
• Stay cautious of phishing.
• Check your credentials regularly on Have I Been Pwned and Google.

As companies:

• Regularly perform penetration tests and security audits
• Enforce MFA and Zero Trust policies
• Encrypt sensitive data
• Vet and monitor third-party vendors
• Implement an tested incident and response plan.

Industry-Specific Questions

What type of breach affected Internet Archive?

The Internet Archive has not been subjected to a conventional system hack, but has instead experienced credential stuffing attacks and phishing attacks.

While no formal server exploit has been noted, there is still a possibility that user data and trust have been compromised. Credential stuffing relies exclusively on users that re-use passwords which again emphasizes the need for separate log-in credentials and MFA.

Have Wells Fargo, Chase, or Experian been breached?

Even if a widespread incident didn’t happen, the amount and sensitivity of the data these institutions maintain means diligence must be practiced. Customers need to recognize that they are always a target and utilize credit monitoring software when available.

Was Wireshark used in a data breach?

No. Wireshark has never been used as a vector in a known data breach. However, it could still theoretically be used to data-mine unencrypted information on the network if it were abused DECADES ago by an insider or ran on a compromised machine.

Still, there are no known situations in which Wireshark is stated as an actor or instrument in a prominent data breach.

Conclusion

As the world continues to go digital, it’s clear that data breaches are no longer unusual occurrences, they are commonplace. From the 16 billion credential data leak to ransomware attacks on hospitals that shut down operation, the financial and social implications of poor cybersecurity are on the rise. Data breaches are becoming a grim reality that no organization, or individual, regardless of size or industry, is immune to cyber threats.

The scariest part of this? Many of these breaches are avoidable altogether. We’re watching the same thing over-and-over again; whether it’s misconfigured servers, antiquated software, weak passwords, or inadequate multi-factor authentication all being exploited.

Read about: The Unimaginable 16 Billion-Record Data Breach