In the first quarter of 2025, the number of individuals affected by data breaches in the US jumped by 26% year-over-year, even though the number of incidents remained nearly the same, reports Infosecurity Magazine. According to the Identity Theft Resource Center (ITRC), 824 data compromise events were recorded in Q1 2025, compared to 841 during the same period in 2024. However, the scale of impact rose significantly—from 72.5 million victims last year to over 91.3 million this year.This surge was largely driven by a ransomware attack targeting PowerSchool, a widely used education software provider. The incident alone affected nearly 72 million individuals, making it the most damaging breach of the quarter. PowerSchool disclosed the breach in January, and while details remain limited, the fallout highlighted the extensive reach of cyber-attacks when critical service providers are compromised.The second-largest breach was reported by DISA Global Solutions, a background screening firm, which impacted over 3.3 million individuals. Sector-wise, financial services reported the highest number of breach incidents, followed by healthcare and professional services. Cyber-attacks dominated the threat landscape, accounting for 90.4 million of the total victim count, with the rest attributed to supply chain attacks, human error, and physical security incidents.Notably, transparency continues to decline in data breach disclosures. ITRC found that 68% of notices in Q1 lacked information about the attack vector—an increase from 65% in 2024. This growing lack of detail makes it harder for victims to assess their risk and take appropriate action, signaling a concerning trend in breach reporting practices.
Related Terms
Attack VectorYou can skip this ad in 5 seconds