As April 2025 drew to a close, it left a string of high-profile data breaches in its wake, rattling major organizations. Yale New Haven Health saw 5.5 million patient records exposed, and Hertz dealt with a breach impacting over a million customers.
Attackers exploited vulnerabilities in emails, system setups, and third-party vendors, threatening personal data and critical services. This blog takes a hard look at the major April data breaches of 2025, breaking down their impact and the challenges they pose for securing sensitive information.
Major Data Breaches in April 2025
Yale New Haven Health System Breach
- Detected on March 8, 2025, and disclosed on April 11, 2025, this breach affected 5.5 million individuals. Compromised data included names, dates of birth, addresses, phone numbers, email addresses, race/ethnicity, Social Security numbers, and medical record numbers. The electronic medical record system, financial accounts, payment information, and employee HR data were not accessed. Likely a ransomware attack, hackers copied data on the discovery day, but patient care was unaffected.
- The largest breach of April 2025 by affected individuals, it highlights healthcare’s vulnerability to cyberattacks, with exposed data increasing risks of identity theft and medical fraud. Notifications began on April 14, with credit monitoring offered for those with exposed Social Security numbers.
Blue Shield of California Breach
- Reported on April 9, 2025, this breach affected 4.7 million individuals due to a Google Analytics misconfiguration on company websites, active from April 2021 to January 2024. Data shared with Google Ads included names, family size, insurance plan details, city, zip code, account identifiers, medical claims, patient financial responsibility, and doctor search information. Discovered on February 11, 2025, the Google Ads connection was severed in January 2024.
- The second-largest breach, it underscores risks of third-party vendor integrations in healthcare, raising significant privacy and regulatory compliance concerns. Notifications were sent to affected members.
VeriSource Services Breach
- Disclosed on April 28, 2025, this breach affected 4 million individuals, primarily employees and dependents of client companies. The cyberattack occurred in February 2024, with unusual activity detected on February 28, 2024. Compromised data included names, addresses, dates of birth, gender, and Social Security numbers, varying by individual. The investigation concluded on April 17, 2025, with notifications starting April 23, 2025. Initial estimates in 2024 suggested 112,000 affected, but the scope expanded significantly.
- A major breach in the HR outsourcing sector, it exposed sensitive employee data, increasing risks of identity theft. VeriSource offers 12 months of free credit monitoring and identity protection. No evidence of data misuse has been reported, and no ransomware group has claimed responsibility.
Hertz Corporation Breach
- Disclosed on April 14, 2025, this breach affected 1,000,175 individuals across Hertz, Dollar, and Thrifty brands. Confirmed on February 10, 2025, it stemmed from zero-day vulnerabilities in Cleo’s file transfer platform exploited by the Clop ransomware gang in October and December 2024. Compromised data included names, contact information, dates of birth, credit card details, driver’s licenses, and workers’ compensation claims. A small subset had Social Security numbers, government IDs, passports, or injury-related data exposed. Hertz’s network was not directly impacted.
- A significant breach due to its scale and sensitive data exposed, it heightens risks of fraud and identity theft. Hertz is offering two years of free identity protection through Kroll and reported the incident to law enforcement. The Clop gang’s involvement underscores third-party vendor risks.
Alternate Solutions Health Network Breach
- Reported on April 14, 2025, this breach affected 93,589 individuals. Unauthorized access to an email account, discovered on February 14, 2025, exposed names, dates of birth, addresses, driver’s license numbers, physician/clinician names, clinical information, diagnostics, treatment details, and limited Social Security numbers. Notifications began on April 14, 2025.
- A smaller but significant healthcare breach, it increases risks of identity theft and medical fraud. The email account was secured, and an investigation was launched, highlighting the need for robust email security in healthcare.
PJM Interconnection Breach
- In April 2025, threat actor l33tfg claimed to have breached PJM Interconnection LLC, affecting over 4,000 customer database entries. Leaked data included names, email addresses, and phone numbers, critical for North America’s largest electric transmission system.
- Though smaller, the breach’s target, critical infrastructure, raises energy security concerns. Specific response measures are unclear, but investigations and notifications are likely underway.
WK Kellogg Co Breach
- Disclosed on April 4, 2025, this breach involved employee and vendor data stolen via Cleo’s file transfer platform, exploited by the Clop ransomware gang on December 7, 2024. Discovered on February 27, 2025, it affected an unknown number of individuals, with at least one Maine employee’s name and Social Security number confirmed compromised. WK Kellogg used Cleo for HR file transfers.
- The breach’s scope remains unclear, but exposed HR data poses identity theft risks. WK Kellogg offers one year of free identity theft protection through Kroll. The incident, linked to Clop’s broader Cleo attacks, emphasizes third-party vendor vulnerabilities.
Trusted by leading enterprises like, GHX, Zoho, Darwinbox, Tricenties, and SHL
Strobes helped organizations continuously manage threats, reduce vulnerabilities, and stay compliant, powered by AI-driven security expertise.
Trends and Observations
- Healthcare Dominance: Yale, Blue Shield, and Alternate Solutions highlight healthcare’s ongoing cybersecurity challenges, with ransomware and mis-configurations as key threats.
- Third-Party Risks: Hertz, WK Kellogg, and VeriSource breaches underscore vulnerabilities in third-party vendors like Cleo, emphasizing the need for robust vendor security.
- Critical Infrastructure: The PJM breach signals growing threats to essential services, necessitating enhanced protections.
- Data Sensitivity: Exposed data, including PHI and PII, increases risks of identity theft, fraud, and privacy violations across all breaches.
Conclusion
April 2025 revealed critical data security weaknesses, with breaches impacting healthcare, car rentals, and food industries. Yale New Haven Health’s 5.5 million affected patients and Hertz’s over one million compromised records highlight the risks to personal data.
From email hacks to third-party vendor issues, these incidents threaten identity theft and service disruptions. Companies must prioritize proactive measures like
risk-based vulnerability management and regular penetration testing to strengthen defenses, secure partnerships, and protect customers in a data-driven world.
Citations
