respect teamwork conversation scale security like value security-breach question delivery-truck dog accident folder slippery wheelchair Lifted Logic Web Design in Kansas City clock location phone play chevron-down chevron-left chevron-right chevron-up facebook checkbox checkbox-checked radio radio-selected instagram google plus pinterest twitter youtube send linkedin computer phone-call play-button quote-end quote-start pin call-answer envelope clock fax-machine right-arrow left-arrow mail-envelope-outlined
(816) 888.8010

Talk To A Lawyer Now

 Do I have a case?

Largest Data Breaches of 2025

Largest U.S. Data Breaches of 2025

2025 has been one of the most active years on record for data breaches. At McShane & Brady, LLC, we hear from people every day who have suddenly received a data breach notification letter. Most are confused, frustrated, and shocked to learn that an organization they never directly interacted with was holding their most personal information, only to then lose it.

Phishing attacks, malware, ransomware, stolen credentials, and human error continue to expose millions of Americans. Despite ongoing attempts to strengthen cybersecurity standards, data breaches continue to rise. Staying informed is an important step toward protecting your privacy and holding companies accountable when they fail to safeguard your information.

Below are some of the largest data breaches reported in 2025.

Change Healthcare (192.7 million people, final count July 2025)

This incident is now considered the largest health care sector breach in U.S. history, impacting approximately 192.7 million individuals.

Exposed data reportedly includes health insurance member IDs, diagnoses, treatment and billing details, Social Security numbers, and other highly sensitive medical information.

Yale New Haven Health System (5.6 million people, March 2025)

On March 8, 2025, unusual activity was detected within their identity management system.

The breach exposed names, addresses, dates of birth, phone numbers, email addresses, race or ethnicity, Social Security numbers, patient types, and medical record numbers.

An 18 million dollar settlement was recently announced. The deadline to submit claims is February 18, 2026.
Click here to access the settlement website.

Blue Shield of California (4.7 million members, February 2025)

In early 2025, Blue Shield of California disclosed that a misconfiguration in its data sharing and tracking setup exposed private health information belonging to roughly 4.7 million members.

The exposure occurred through an analytics and tracking integration that made sensitive data accessible in ways never intended.

DISA Global Solutions, Inc. (3.3 million people, disclosed February 2025)

A breach at employment screening provider DISA exposed the personal information of over 3.3 million people.

Access to names, Social Security numbers, government ID numbers, and possibly some financial details occurred between February and April 2024 but was not disclosed until early 2025. This delay shows how vulnerable personal data can be when companies fail to immediately report unauthorized access.

Episource (5.4 million people, reported June 2025)

Episource, a health care related company connected to UnitedHealth Group, reported a data breach affecting approximately 5.4 million individuals.

Data exposed in the breach included contact information, health insurance details, medical record numbers, diagnoses, test results, treatment details, Social Security numbers, and birth dates.

What did we see in 2025?

Healthcare data remains highly targeted.
Protected health information is among the most sensitive and valuable forms of data, making the health care sector a frequent target for cybercriminals.

Third party vendor risk continues to grow.
Many breaches occurred at vendors or subcontractors. When a company outsources its data processing, a security gap at the vendor becomes a problem for every consumer whose information was shared.

Not all breaches involve hacking.
Misconfigured databases, analytics tools, and poorly synced systems exposed millions of records in 2025. Negligence can cause just as much harm as an outside cyberattack.

If your data has been exposed, time matters.

If you received a data breach notification, or if you suspect your information may have been compromised, you may have legal options. Companies that collect your data are legally required to protect it. When they fail, McShane & Brady, LLC is here to fight for your privacy and hold negligent organizations accountable.

We represent Plaintiffs nationwide in data breach and privacy litigation.

📞 Call us at (816) 888-8010
🌐 Visit mcshanebradylaw.com

Your information is personal, and we are here to keep it that way.

Back to Blog