The 6 biggest cybersecurity breaches of 2025 so far

2025 is now halfway through, and we have a pretty good idea of what the biggest tech trends will be. AI, cryptocurrency, and AR/VR are just some of the fast-developing technologies that have defined the year so far.

However, there's one tech trend that has continued to flourish year after year, unfortunately: Data breaches.

As more of our lives (and our data) shifts online, data breaches are getting bigger and affecting even more users. Plus, there are some concerning new cybersecurity trends, changing how leaked data spreads.

With half of 2025 left to go, Mashable takes a look at the biggest data breaches to be aware of in 2025 — so far.

The Coinbase bribes and ransom

Coinbase, the biggest cryptocurrency exchange in the U.S., announced last month that it had suffered a data breach that affected nearly 70,000 customers.

While customer usernames, passwords, and crypto wallets weren't affected, a slew of other sensitive data was. Hackers obtained customer names, addresses, phone numbers, email addresses, photos of government IDs (such as driver's licenses and passports), and the last four digits of social security numbers. The hackers were also able to access some user account data, such as balance snapshots and transaction history.

This leaked information could also allow bad actors to socially engineer users and trick them into believing they're talking to a Coinbase employee. Coinbase understood this latter point as well, as the company offered to reimburse any users who lost funds in this way.

The Coinbase data breach was a particularly brazen cybersecurity incident, as the hackers demanded tens of millions of dollars in ransom in exchange for not leaking the stolen data. (Instead of paying the ransom, Coinbase instead announced in a blog post it was "establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.")

The Coinbase data breach should sound alarms for non-crypto users as well, once they understand exactly how the hackers gained access to the company's systems. Hackers bribed Coinbase-contracted overseas customer service agents to breach the company's systems and gain access to user information. This sort of intrusion can happen to any company.

The Hertz hack reveals extent of third-party vulnerabilities

The Coinbase breach was certainly unique; however, targeting third-party employees and systems has become a major throughpoint connecting some of the biggest hacks of 2025.

In February, for example, the popular food ordering service Grubhub announced a data breach that affected both its customers and drivers. Hackers were able to gain access to a variety of different personal data, ranging from names, email addresses, and phone numbers to partial payment card data. The intrusion happened through a third-party service used by Grubhub's customer support team.

Similarly, some customers of the car rental service Hertz had their data stolen as the result of a vulnerability found in Cleo, a third-party file-sharing service used by the company. Hackers were able to steal not only names, contacts, birth dates, credit cards, and driver's license information, but also even more sensitive data from car accident claims, including social security numbers, government IDs, and medical details.

Cases like these showed that even if you trust a company with your personal data, they're sharing the information with other third parties that you've never even heard of.

Password managers under attack

One of the worst data breaches ever occurred nearly three years ago, and its reverberations are still being felt in 2025.

Back in 2022, password manager LastPass suffered a massive breach when a cybercriminal stole login credentials for one of the four DevOps engineers who had access to the description keys for the company's cloud storage service. The still-anonymous hacker was able to infiltrate LastPass for months, completely undetected, even after LastPass thought it had dealt with the breach.

Now, in 2025, U.S. officials are investigating a number of cryptocurrency-related crimes that they believe the LastPass data breach made possible, according to Bleeping Computer. That includes at least one $150 million heist.

The success of the LastPass data breach appears to have set a nefarious new trend into motion: Bad actors are now explicitly targeting password managers.

Cybersecurity firm Picus Security shared a new report earlier this year that found that cyberattacks on password managers have tripled compared to 2024. The company's researchers discovered that out of more than a million types of malware, 25 percent of them were specifically targeting password managers.

It appears that, in 2025, cybercriminals have discovered that breaking into a service like LastPass gives them not just a login credential to a single service but the keys to the entire kingdom.

Hackers play the hits

It appears that even hackers need reminders, and that's exactly what this 2025 cybersecurity trend provides them.

This year has seen quite a few cases of older data leaks repackaged with updated or entirely new information and re-released, once again putting previously stolen data back on cybercriminals' radar.

For example, just earlier this month, a hacker leaked 86 million AT&T customer records, which included names, dates of birth, phone numbers, email addresses, physical addresses, and social security numbers. However, according to AT&T, their systems had not been compromised, at least not recently. The company told Mashable that an internal investigation revealed that the leak contained only previously leaked materials from last year's Snowflake hack. AT&T released a statement saying, "it is not uncommon for cybercriminals to re-package previously disclosed data for financial gain."

Mashable reported on one of the biggest data leaks, the RockYou2024 leak, last year. Like the AT&T leak, the hacker behind this incident exposed nearly 10 billion credentials simply by compiling previous leaks together and updating them with the latest leaked info.

Similarly, just last month, cybersecurity researcher Jeremiah Fowler discovered a publicly available, unencrypted database including the sensitive login credentials for more than 184 million accounts for a wide variety of platforms. Passwords for Google accounts, Facebook and Instagram accounts, and even Microsoft products were discovered in this database. One social media platform included in the database, Snapchat, said it had not uncovered any unauthorized access in its systems. This likely means that this database of leaked user information was likely compiled through multiple intrusions, directly at the user level, likely due to malware.

This concerning new cybersecurity trend shows that data stolen years ago can potentially come back to haunt you.

A potential X data leak

X, the platform formerly known as Twitter, has certainly changed since Elon Musk took over the platform. It's also faced new cybersecurity issues.

Earlier this year, a user on a prominent hacking forum claimed to have sensitive information, such as email addresses and other potentially revealing metadata, for hundreds of millions of X users. While no login credentials were leaked, the information shared was concerning because it could be used in other nefarious ways, such as being able to uncover an anonymous account. This might seem like much of a concern in the context of annoying trolls. 

However, this metadata, which reportedly included account creation dates, locations, and current and former display names, could be potentially life-threatening for political dissidents in countries with harsh punishments for dissent.

Mashable wasn't able to independently verify the veracity of the leak, but the cybersecurity investigators at Safety Detectives say they were able to verify some of the data.

DOGE wants you(r) data

Speaking of Elon Musk, his Department of Government Efficiency, or DOGE, has the potential to be one of the biggest cybersecurity issues of our time.

We know DOGE embedded itself in numerous government agencies, at times accessing sensitive data. We know DOGE installed Starlink terminals at the White House and bypassed the usual security protocols in doing so (per the New York Times). We know that Musk hired young techies who idolize the billionaire in order to carry out DOGE's mission. (These individuals include then-25-year-old Marko Elez, who had previously published numerous racist posts, and 19-year-old Edward Coristine, also known as Big Balls.)

While Musk has been feuding with his now-former(?) ally, President Donald Trump, the public still doesn't know exactly what information DOGE had access to. More recently, the New York Times also reported that the Trump administration would like the secretive surveillance company Palantir to centralize data on American citizens into one centralized database. Per the Times, Palantir was chosen partly on Musk and DOGE's recommendation.