April 2025 Data Breaches: 4 Million SSNs Leaked, 23M+ in Settlements

May 2, 2025

Cyber attacks didn’t slow down in April 2025: the month saw sizable breaches and settlements, and one data breach compromised the personally identifiable data of 4 million individuals. The cause behind many of these breaches was undisclosed; however, there is a recurring theme of insufficient access controls, third-party vulnerabilities, and delayed breach detection, all weaknesses that zero-trust security measures could have addressed.

Compiled on May 1, the following list of data breach headlines published during the month of April contains details behind the cause of the breach (if available). Source articles have been organized by cause of breach (compromised credentials, insider threat, malware, third party data breach, ransomware, social engineering, system vulnerability, and undisclosed) with articles organized in reverse chronological order.

Security Breaches Reported in April 2025

Compromised Credentials

4/28/2025

Alternate Solutions Health Network Notifies Patients About May 2024 Email Breach | HIPAA Journal

Email accounts have been compromised at four HIPAA-regulated organizations: Alternate Solutions Health Network in Ohio; Park Royal Hospital in Florida; 90 Degree Benefits in Minnesota; and the Charleston Fire Department in West Virginia. Almost 107,000 individuals have been affected.

4/23/2025

Data Breach at Onsite Mammography Impacts 350,000 | SecurityWeek 

Massachusetts medical services provider Onsite Mammography is notifying over 350,000 people that their personal and health information was compromised in a data breach. The incident was discovered in October 2024 and involved unauthorized access to an employee’s email account, the firm reveals in a notification letter mailed to the impacted individuals. Some of the emails in the compromised account’s inbox, Onsite says, exposed both personally identifiable information (PII) and protected health information (PHI).

Insider Threat

4/30/2025

33,529 more Texans' data breached by now-fired state workers | The Texas Tribune 

Texas Health and Human Services Commission late Wednesday began notifying another 33,529 recipients of state benefits that their private information had been improperly accessed. Three months ago, the state notified 61,104 Texans that their personal information may have been improperly accessed by state employees. A total of nine state employees had accessed individuals’ accounts without a stated business reason.

Malware

4/27/2025

SK Telecom shares plunge after data breach due to cyberattack | Reuters 

SK Telecom shares fell as much as 8.5% on Monday to hit their lowest level since August last year, after South Korea's biggest mobile carrier disclosed it suffered a leak of customer data earlier this month caused by a cyberattack. The company said in a statement it would take full responsibility for any harm caused as a result of the breach that was detected on April 18. It described the incident as a large-scale leak of data due to malware, without providing more details.

Ransomware

4/28/2025

Marks & Spencer breach linked to Scattered Spider ransomware attack | Bleeping Computer 

Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by threat actors known as "Scattered Spider," BleepingComputer has learned from multiple sources. M&S confirmed it suffered a cyberattack that caused widespread disruption, including to its contactless payment system and online ordering. The threat actors are believed to have first breached M&S as early as February, when they reportedly stole the Windows domain's NTDS.dit file.

4/28/2025

Hitachi Vantara takes servers offline after Akira ransomware attack | Bleeping Computer 

Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. While the company's cloud services are not impacted, Hitachi Vantara systems and Hitachi Vantara Manufacturing were disrupted as part of the containment effort. Additionally, while Hitachi Vantara's remote and support operations are down, customers with self-hosted environments can still access their data as usual.

4/28/2025

Ransomware Attack on Frederick Health Medical Group Affects 934,000 Patients | HIPAA Journal

Frederick Health Medical Group is facing several potential class action lawsuits over a recent data breach that affected more than 900,000 patients. Frederick Health Medical Group, a Maryland-based healthcare group, announced on January 27, 2025, that it had fallen victim to a ransomware attack and had called in cybersecurity experts to investigate the incident.

4/25/2025

Two Ransomware Hacks Affect 1.1 Million Patients | BankInfoSecurity 

Two separate ransomware hacks of a Maryland medical group and a California hospital resulted in data thefts affecting more than 1.1 million patients, according to recent reports to regulators. Cybercriminals claim to have leaked 480 gigabytes of data from one of the attacks. Frederick Health, in a report filed on March 28 to the U.S. Department of Health and Human Services, said 934,326 people were affected by its hacking incident early this year. California-based Dameron Hospital reported the breach affected nearly 211,000 people.

4/25/2025

Baltimore City Public Schools data breach affects over 31,000 people | Bleeping Computer 

Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. The Maryland Office of the Attorney General confirmed to The Baltimore Sun that the breach impacts over 31,000 individuals. While the school district didn't link the attack to a specific threat group or cybercrime operation, a WBALTV report linked it to Cloak ransomware.

4/23/2025

Navvis & Company; SSM Health Agree to $6.5 Million Data Breach Settlement | HIPAA Journal

Navvis & Company and SSM Health Care Corporation have agreed to a $6.5 million settlement to resolve all claims related to a 2023 data breach that affected 2.8 million individuals. Between July 12, 2023, and July 25, 2023, a cybercriminal group had access to the network of Navvis & Company, exfiltrated sensitive data, and used ransomware to encrypt files. The forensic investigation confirmed that approximately 2.8 million individuals had their data exposed or stolen in the incident.

4/17/2025

Ahold Delhaize confirms data stolen after threat group claims credit for November attack | Cybersecurity Dive

Ahold Delhaize confirmed Thursday that certain files from its U.S. operations were stolen in a November cyberattack after a threat group claimed credit for the incident. The threat group, tracked as Inc Ransom, claimed in a Wednesday post on its leak site to have up to 6 TB of sensitive data from the Netherlands-based supermarket operator’s U.S. division and threatened to release the information if its demands are not met, according to researchers at Arctic Wolf. The attackers have not said what those demands are.

4/16/2025

Retina Group of Washington Agrees to $3.6 Million Settlement to Resolve Data Breach Lawsuit | HIPAA Journal

A settlement has been agreed to resolve a class action lawsuit against Retina Group of Washington over a March 2023 data breach that involved unauthorized access to the protected health information of 455,935 individuals. Retina Group of Washington, a healthcare provider with eye care clinics in Maryland and Virginia, issued notifications about a ransomware attack on March 26, 2023. Under the terms of the settlement, a $3.6 million fund will be created to cover claims, attorneys’ fees, and legal costs and expenses. 

4/3/2025

Oracle privately confirms Cloud breach to customers | Bleeping Computer 

Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017, Bloomberg reported. However, while Oracle told clients this is old legacy data that is not sensitive, the threat actor behind the attack has shared data with BleepingComputer from the end of 2024 and posted newer records from 2025 on a hacking forum. Last week, Oracle also notified customers of a breach at the software-as-a-service (SaaS) company Oracle Health (formerly Cerner), impacting multiple U.S. healthcare organizations and hospitals. The threat actor is demanding millions of dollars in cryptocurrency not to leak or sell the stolen data and has created clearnet websites about the breach to pressure the hospitals into paying the ransom.

4/8/2025

Evolve Bank to pay $11.85m settlement over 2024 data breach | FinTech Futures 

Memphis, US-headquartered Evolve Bank & Trust has agreed to a proposed $11.85 million settlement to resolve a consolidated class action lawsuit stemming from a 2024 data breach in which plaintiffs allege the bank "failed to adequately protect" the private information of customers. The agreement was disclosed in a recent filing with the US District Court for the Western District of Tennessee. Evolve confirmed that this was "a ransomware attack by the criminal organization, LockBit", which the bank claims gained access to its systems after an employee "inadvertently clicked on a malicious internet link". 

4/4/2025

Europcar GitLab breach exposes data of up to 200,000 customers | Bleeping Computer 

A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 customers. BleepingComputer received confirmation that the compromise is real and that Europcar Mobility Group is currently assessing the extent of the damage.

4/4/2025

Port of Seattle says ransomware breach impacts 90,000 people | Bleeping Computer 

Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. The agency disclosed that the resulting IT outage disrupted multiple services and systems, including reservation check-in systems, passenger display boards, the Port of Seattle website, the flySEA app, and delayed flights at Seattle-Tacoma International Airport. Three weeks after the initial disclosure, the Port confirmed that the Rhysida ransomware operation was behind the August 2024 breach.

Social Engineering

4/28/2025

Media firm Urban One confirms data breach after cybercriminals claim February attack | The Record

Media conglomerate Urban One reported a data breach in recent days involving the personal information of employees and more. The company said the cyberattack began on February 13 and was initiated through “a sophisticated social engineering campaign.” The hackers were able to exfiltrate company data but the company only discovered the incident on March 15. The attack on Urban One was claimed by the Cactus ransomware gang on March 12.

System Vulnerability

4/11/2025

Western Sydney University discloses security breaches, data leak | Bleeping Computer 

Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. One of the incidents disclosed concerns the compromise of one of the University’s single sign-on (SSO) systems between January and February 2025. The second cybersecurity incident concerns a leak on the dark web of personal information belonging to members of the University’s community. Between the security incidents, the educational institute suffered another data breach in May 2023, which it discovered and disclosed a year later, informing its community that hackers had accessed its Microsoft Office 365 environment, including email accounts and SharePoint files.

Third Party Data Breach

4/30/2025

Ascension Data Breach: Patient Information ‘Likely Stolen’ After ‘Inadvertently’ Being Shared With Former Business Partner | CRN

Ascension, a health system with 105 hospitals and operations in 16 states and Washington, D.C., said it discovered late last year that some patient information was “likely stolen” after the organization “inadvertently disclosed” that data to a former business partner, which suffered a breach through third-party software. The disclosure of the data breach comes less than a year after Ascension suffered a catastrophic cyberattack that disrupted clinical operations, affecting 5.6 million people.

4/15/2025

Hertz Data Breach Included Credit Card, Personal Data | CNET

The car-rental company Hertz is warning its customers that a data breach exposed personal information including driver's licenses, credit-card data, contact information and in some cases social security or passport numbers. The company said that hackers breached Cleo Communications, a company that it works with for file transfers. 

4/9/2025

WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit | Infosecurity Magazine

Sensitive employee data at WK Kellogg Co. has been exposed in a cybersecurity breach after attackers exploited a vulnerability in file transfer software used by the company. The breach, which occurred on December 7, 2024, involved unauthorized access to personnel files transferred via Cleo servers.

Undisclosed

4/30/2025

4 Million SSNs May Have Been Leaked in Employee Benefits Company Breach. Are You One of Them? | CNET

VeriSource Services, an employee benefits company, has disclosed that a February 2024 data breach has compromised the personally identifiable data of 4 million people. VeriSource last September said the breach affected 112,000 people, but has now revised the number substantially.

4/30/2025

City of Long Beach Says at Least 260,000 Affected by Hack | GovInfoSecurity 

The City of Long Beach, Calif., is notifying roughly 260,000 individuals that their protected health information may have been stolen in a November 2023 cyberattack that also disrupted IT systems for several weeks. The city says it's added $1 million to its cybersecurity budget since the incident. According to their FAQ document, the city refused to disclose specific details on how the unauthorized user gained access to the City’s network.

4/29/2025

Endue Software Confirms Data Breach Affecting Multiple Providers | The HIPAA Journal 

Endue Software, an infusion management platform provider, has recently confirmed it has been affected by a cyberattack that involved unauthorized access to patient data. In its substitute breach notice, Endue Software explained that unauthorized access to some of its systems was identified on February 17, 2025. Endue Software has reported the breach to the HHS’ Office for Civil Rights as a data breach affecting 118,028 individuals; however, some of its customers may be reporting the data breach separately.

4/28/2025

African Telecom Giant MTN Group Discloses Data Breach | SecurityWeek 

MTN Group, one of the largest telecommunications services providers in Africa, says the personal information of some customers was compromised in a cyber incident. The company added that it had no evidence that customer accounts and wallets had been directly compromised. The company did not say how many individuals might have been affected by the incident, but encouraged all customers to remain vigilant and follow recommended security practices.

4/25/2025

5.5 Million Patients Affected by Data Breach at Yale New Haven Health | SecurityWeek 

The Yale University-affiliated healthcare organization revealed on April 11 that it detected unusual activity on its IT systems on March 8. While patient care was not impacted by the incident, an investigation showed that hackers managed to copy data from Yale New Haven Health systems on the day the intrusion was discovered. YNHHS may have been targeted in a ransomware attack, but no known cybercrime group has taken credit for it. If it was indeed a ransomware attack, the healthcare organization may have decided to pay a ransom to avoid a data leak.

4/23/2025

340,000 Individuals Affected by Security Breach at St Clair Orthopaedics & Sports Medicine | HIPAA Journal

Data breaches have recently been announced by St Clair Orthopaedics & Sports Medicine in Michigan and Rheumatology Associates of Baltimore in Maryland. St Clair Orthopaedics & Sports Medicine (SCOSM) in St. Clair Shores, Michigan, reported a breach to OCR on January 30, 2025, that involved the protected health information of 340,000 individuals. Rheumatology Associates of Baltimore (RAB) in Maryland has recently disclosed a security incident involving the protected health information of 28,968 patients at one of its business associates, Endue Software. 

4/23/2025

Kelly Benefits Data Breach Impacts 260,000 People | SecurityWeek

Maryland-based benefits and payroll solutions provider Kelly & Associates Insurance Group (dba Kelly Benefits) has disclosed a data breach impacting more than 260,000 people. The company told the Maine Attorney General that the data breach impacts nearly 264,000 people. While it’s possible that Kelly Benefits has been targeted in a ransomware attack, no known ransomware group appears to have taken credit for the hack. Considering that the incident occurred months ago, the company may have paid a ransom to avoid a data leak if it was indeed targeted in a ransomware attack.

4/22/2025

Conduent warns January breach impacted a 'significant' number of people | Cybersecurity Dive

Conduent Inc. warned in an April 14 regulatory filing with the Securities and Exchange Commission that a “significant” number of people had their personal data stolen in a January cyberattack that affected a limited number of the company’s clients. Conduent confirmed in January that the attack was related to a cyber intrusion but did not elaborate on how the threat actor gained access or what specific techniques were used once the hackers breached the systems.

4/21/2025

Email Accounts Breached at San Francisco Campus for Jewish Living & Altior Healthcare | HIPAA Journal

Hebrew Home for Aged Disabled, doing business as San Francisco Campus for Jewish Living in California, has notified 2,568 individuals about the exposure of some of their protected health information in an email security incident. The substitute breach notice does not state when the email account was compromised, only that the unauthorized access was detected on December 27, 2024. The email account was immediately secured to prevent further access, and an investigation was launched to confirm the nature and scope of the unauthorized activity.

4/19/2025

OCH data breach exposed 67K patient files | The Dispatch 

OCH Regional Medical Center announced Friday that it suffered a data breach that went undiscovered for more than a week in September 2023, potentially compromising a wide swathe of patient information. The hospital sent a press release just after 4 p.m. Friday that said “unauthorized individuals” found their way into OCH systems on Sept. 6 and went undetected until Sept. 14, gaining access to as many as 67,000 files.

4/17/2025

Entertainment services giant Legends International discloses data breach | Bleeping Computer

Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. The investigation results confirmed that the intruders had exfiltrated personal data files, though the exposed data types aren’t specified in the sample letter. The scope of the data breach and the number of exposed individuals remain unknown.

4/11/2025

US lab testing provider exposed health data of 1.6 million people | Bleeping Computer 

Laboratory Services Cooperative (LSC) has released a statement saying it suffered a data breach in which hackers stole sensitive information of roughly 1.6 million people from its systems. LSC is a Seattle-based nonprofit organization that provides centralized laboratory services to its member affiliates, including select Planned Parenthood centers. The organization published a notice of a security incident caused by a threat actor that breached its networks in October 2024 and stole data.

4/11/2025

Hackers Breach Morocco's Social Security Database | SecurityWeek 

Morocco’s social security agency said troves of data were stolen from its systems in a cyberattack this week that resulted in personal information being leaked on the messaging app Telegram. The North African kingdom’s social security fund administers pensions and insurance benefits to millions of private sector workers, from assembly line laborers to corporate executives. It said in a statement Wednesday that preliminary investigations suggest the leak resulted from hackers bypassing its security systems. Moroccan media have attributed the attack to Algerian hackers, describing it as an episode in a larger cyberwar between the two countries.

Access Control Matters

April’s breach headlines make one thing increasingly clear: attackers aren’t slowing down, and poor defenses only help them in their endeavors. The majority of breaches—whether driven by ransomware groups, insider threats, or credential theft—still succeed not because they’re innovative, but because security fundamentals are neglected. Many organizations are still relying on outdated access models that grant too much trust, too early, and hold on to it for too long. In this environment, “good enough” security is no longer good enough.

To reduce risk, security must move closer to real-time, risk-aware decision-making. That means enforcing strict, dynamic access policies that account for context—who’s requesting access, from where, on what device, and why. Zero Trust isn’t a buzzword; it’s a practical, layered approach to preventing lateral movement and minimizing blast radius when breaches inevitably occur.

Pomerium was built for this reality. As a zero-trust reverse proxy grounded in continuous verification, Pomerium empowers organizations to authenticate, authorize, and monitor every request to internal applications—without relying on a VPN. Companies can and should move from reactive security to resilient security—before the next breach strikes.
