As we enter the second quarter of 2025, let’s take a look at the breaches and leaks that occurred in March and April, from healthcare to banking and tech to car rental.

• Samsung
• Hertz
• Bank of America
• Healthcare Breaches
• Oracle

Samsung Data Leak

A major data leak has exposed 270,000 customer support records tied to Samsung Germany, after a hacker exploited long-compromised log-in credentials from a third-party vendor.

The attacker, known as “GHNA”, used credentials stolen back in 2021 via the Racoon infostealer from an employee at Spectos GmbH, a service quality provider for Samsung. The credentials were never changed, allowing the hacker to access Samsung’s system in 2025 and publish the stolen data. The exposed information includes:

• Names, emails, and addresses
• Order and tracking data
• Customer support conversations

Experts warn the data could fuel phishing attacks, fraudulent warranty claims, and even package theft. The breach highlights the dangers of poor credential hygiene — a growing issue that has hit other major firms like Jaguar Land Rover and Telefonica. Samsung has not yet publicly responded.

Hertz

Hertz Corporation has disclosed a data breach affecting customers of its Hertz, Thrifty, and Dollar brands, after attackers exploited zero-day vulnerabilities in the Cleo integration platform in October and December 2024. The breach was confirmed on February 10, 2025, and exposed sensitive customer data, which may include:

• Names, contact info, and dates of birth
• Credit card and driver’s license information
• Workers’ comp data and, in some cases, Social Security or passport numbers

Hertz has not revealed the total number of affected individuals but notified regulators in Maine (3,409 people) and other states. Victims are being offered two years of free identity monitoring.

The Clop ransomware gang has reportedly posted the stolen data on their extortion site, though Hertz says there’s no evidence of fraud yet.

Bank of America Data Leak

Bank of America has warned customers about a data leak caused by improper handling of sensitive documents by a third-party destruction vendor on December 30, 2024. Documents containing names, Social Security numbers, financial info, and other personal data were reportedly found outside secure containers during transport. The breach has impacted at least two customers in Massachusetts, though the total number remains unknown.

This follows a January 2025 incident that affected 414 customers, also tied to a third-party issue. In response, Bank of America is offering two years of free identity theft protection to affected individuals. The incident underscores ongoing risks tied to third-party data handling and the need for tighter oversight.

Three Healthcare Breaches

Healthcare organizations continue to be prime targets for cybercriminals, and 2025 has already seen several large-scale breaches affecting well over 1.8 million individuals across the United States. In separate incidents, Bell Ambulance, Alabama Ophthalmology Associates, and Laboratory Services Cooperative (LSC) have confirmed ransomware-related data breaches that compromised a wide range of personal, medical, and financial information.

Bell Ambulance, based in Milwaukee, detected a network intrusion on February 13, 2025. The Medusa ransomware group later claimed responsibility, stating they had stolen over 200 GB of data. According to the U.S. Department of Health and Human Services (HHS) breach portal, approximately 114,000 individuals were affected. Stolen data includes names, Social Security numbers, driver’s license numbers, and sensitive health and financial information.

Alabama Ophthalmology Associates, an eye care practice in Birmingham, reported a ransomware attack by the BianLian group. The breach occurred in late January, but the group claimed credit in February. Over 131,000 patients were impacted, with exposed data including Social Security numbers, driver’s license details, medical records, and insurance information.

The largest of the three breaches involves Laboratory Services Cooperative (LSC), a nonprofit lab testing provider connected with reproductive health clinics across 31 U.S. states. On October 27, 2024, LSC was hit with a cyberattack that resulted in the theft of personal and medical data from approximately 1.6 million individuals. Information exposed ranged from names, dates of birth, and Social Security numbers to lab results, diagnoses, insurance data, and even payment card information.

Oracle Data Breach Remains Unconfirmed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a public advisory urging organizations and individuals to take immediate precautions following reports of suspicious activity involving Oracle cloud environments. While Oracle maintains that its Oracle Cloud Infrastructure (OCI) has not been breached, security experts and researchers have raised concerns about potential compromises.

The alert follows unconfirmed claims of a breach affecting up to six million records and over 140,000 Oracle cloud tenants. Researchers have suggested that a flaw in Oracle’s log-in system could be responsible, though Oracle has strongly denied any such vulnerability affecting its current infrastructure.

Despite Oracle’s denial and statement that the leaked credentials are unrelated to its OCI service, industry groups and security experts are calling for more transparency. Lawsuits have already been filed in Missouri and Texas, and stakeholders across sectors are pushing Oracle for clearer communication and formal guidance. As investigations continue, experts recommend that organizations using Oracle services proactively tighten security controls and stay alert to new developments.

Safeguard Your Identity

Trend Micro is here to have your back in 2025. We would encourage readers to head over to our ID Protection portal, which has been designed to meet the security and privacy threats we now all face. With ID Protection, you can:

• Safeguard your social media accounts against hackers
• Receive alerts if your personal info gets leaked
• Protect against online threats, such as phishing scams
• Stop sites from collecting privacy-compromising data
• Create, store, and manage strong, tough-to-hack passwords.

What’s even better is that you can enjoy a 7-day free trial of ID Protection‘s paid version, so that you can take advantage of all its awesome features and start securing your identity and privacy today! Why not give it a go today?