Cyber threats continue to challenge organizations in 2025, and March saw its share of major breaches. From cloud providers to universities, sensitive data was exposed, raising concerns about security gaps and regulatory risks.
Here’s a look at the key incidents, what they reveal about emerging threats, and how organizations can strengthen their security.
1. Oracle Cloud Data Breach
A significant data breach allegedly affecting Oracle Cloud, with approximately six million records compromised, was reported this month. The threat actor, identified as “rose87168,” claims to have exfiltrated sensitive data from Oracle’s Single Sign-On (SSO) and LDAP systems, including Java KeyStore (JKS) files, encrypted passwords, key files, and Java Process Status (JPS) keys.
This incident is being described as one of the most impactful supply chain attacks of the year, potentially affecting over 140,000 Oracle Cloud tenants. The attacker has reportedly sought assistance in decrypting the stolen data and is demanding payment from affected organizations in exchange for deleting their records.
Oracle has officially denied the breach, stating that its cloud infrastructure remains secure and that the credentials being circulated do not belong to its systems. Despite this, multiple cybersecurity researchers and some Oracle customers have confirmed the authenticity of sample data shared by the attacker, casting doubt on Oracle’s denial.
Given the conflicting narratives, organizations relying on Oracle Cloud services are advised to take precautionary steps such as rotating passwords and keys, auditing logs for suspicious activity, and strengthening access controls through multi-factor authentication. As the situation unfolds, staying informed through official channels and security advisories is critical.
2. New York University (NYU) Data Breach
New York University (NYU) experienced a major data breach that exposed the personal information of over 3 million applicants. On March 22, a hacker took control of the university’s official website, replacing the homepage with charts displaying SAT and ACT scores, GPAs, and demographic data categorized by race.
The defaced page included a message accusing NYU of continuing to use race-based affirmative action practices, despite the 2023 U.S. Supreme Court ruling that declared such practices unconstitutional.
The individual behind the breach, using the handle @bestn-gy on X (formerly Twitter), claimed responsibility and stated that the data was sourced from NYU’s internal data warehouse. The hacker also alleged involvement in a previous 2023 breach at the University of Minnesota.
The information leaked from NYU included names, test scores, intended majors, zip codes, family backgrounds, and financial aid details, with records dating as far back as 1989.
NYU’s IT team acted swiftly, restoring the website within approximately two hours and notifying law enforcement. The university is currently investigating the breach and enhancing its cybersecurity infrastructure to prevent future incidents. In the aftermath, a class-action lawsuit has been filed against NYU, alleging negligence in protecting sensitive applicant data.
The incident has sparked broader concerns about data security in academic institutions and underscores the need for stronger cybersecurity practices across the education sector.
3. SpyX Stalkerware Data Breach
The stalkerware app SpyX, marketed as a parental monitoring tool, recently suffered a massive data breach that exposed the personal information of nearly 2 million individuals, including thousands of Apple users. The breach revealed highly sensitive data, such as approximately 17,000 iCloud usernames and passwords stored in plaintext, along with email addresses, IP addresses, and device information. In some cases, logs of victims’ activities, including messages and photos, were also exposed.
This breach is especially alarming because stalkerware apps like SpyX are often used for covert surveillance rather than legitimate parental oversight. While these apps claim to help monitor children, they can easily be misused to spy on partners, employees, or unsuspecting individuals, raising serious ethical and legal concerns.
The discovery was made by cybersecurity researchers from DDoSecrets and TechCrunch, who found unsecured backend data during their investigation.
The incident highlights not only the privacy violations caused by such spyware tools but also the security risks they pose to everyone involved, including those who use them.
With this breach, victims are now at increased risk of identity theft, account compromise, and further privacy invasion. It’s a strong reminder of the need for stricter regulation and enforcement against stalkerware, which continues to operate in a gray area with devastating consequences.
4. Jaguar Land Rover Suffers Major Data Breach
Jaguar Land Rover (JLR) reportedly suffered a data breach in March 2025, with a hacker named “Rey” claiming to have exposed 700 internal documents. The leaked data includes development logs, source code, tracking data, and employee credentials. The breach allegedly stemmed from compromised Jira credentials, likely obtained via infostealer malware, similar to tactics used by the HELLCAT ransomware group.
This leak raises concerns over intellectual property theft, employee privacy, and competitive risks. JLR has yet to comment, but the incident highlights the need for stronger security measures like MFA, credential rotation, and continuous monitoring.
Conclusion
This month showed how easily security gaps can lead to serious data breaches. Weak credentials, unsecured databases, and supply chain risks were common factors across incidents. These breaches reinforce the need for stronger authentication, better access controls, and continuous monitoring. Organizations that take proactive steps will be in a better position to prevent and respond to future threats.