Data breaches remain one of the most persistent challenges in cybersecurity. Stolen data now spreads across dark web markets within hours and feeds targeted attacks, fraud, and ransomware operations. Over the last two years a number of breaches have stood out for their scale and for the lessons they teach. Here are ten of the most significant, and what they mean for businesses and individuals.
Top 10 Most Significant Data Breaches:
Snowflake Data Breach
Snowflake, a cloud data platform provider, was at the centre of a 2024 breach in which the threat actor UNC5537 (“Judische”) logged into customer accounts using credentials harvested by infostealer malware, some of them stolen years earlier. The targeted accounts relied on a username and password alone, with no MFA and no network allow-listing. Data from at least 165 customer accounts was stolen, including millions of individual records, business data tables, and access roles, and some of it was then offered for sale on dark web forums.
Important lesson learned: Cloud security is a shared responsibility. The provider secures the platform, but the customer still owns endpoint hygiene, credential lifecycle, MFA enforcement, network policies, and monitoring of service and supplier accounts, which is what zero-trust access means in practice.
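One way to hunt for the pattern described above (stolen credentials replayed against accounts without MFA) is to scan login history for password-only successes from unfamiliar networks. The script below is an added example, not code from the original article or from Snowflake. Its rows are constructed and loosely modelled on the columns of Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view (USER_NAME, CLIENT_IP, FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR, IS_SUCCESS, EVENT_TIMESTAMP); the users, IP ranges and timestamps are invented.

```python
"""Hunt for stolen-credential logins in Snowflake-style login history.

Added example, not code from the original article or from Snowflake. The rows
below are constructed and loosely modelled on the columns of Snowflake's
ACCOUNT_USAGE.LOGIN_HISTORY view; users, IP ranges and timestamps are invented.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed corporate egress ranges (RFC 5737 documentation prefixes); anything
# else counts as an external, unknown network.
CORPORATE_CIDRS = [ipaddress.ip_network("203.0.113.0/24"),
                   ipaddress.ip_network("198.51.100.0/24")]

# (user, client_ip, first_factor, second_factor, is_success, event_timestamp)
LOGIN_HISTORY = [
    ("alice",   "203.0.113.10", "PASSWORD",    "DUO_PUSH", "YES", "2024-05-01T09:00:00"),
    ("alice",   "203.0.113.10", "PASSWORD",    "DUO_PUSH", "YES", "2024-05-01T17:30:00"),
    ("svc_etl", "198.51.100.7", "RSA_KEYPAIR", None,       "YES", "2024-05-01T03:00:00"),
    ("bob",     "203.0.113.22", "PASSWORD",    None,       "YES", "2024-05-01T08:45:00"),
    ("bob",     "192.0.2.55",   "PASSWORD",    None,       "NO",  "2024-05-02T02:10:00"),
    ("bob",     "192.0.2.55",   "PASSWORD",    None,       "YES", "2024-05-02T02:11:30"),
    ("bob",     "192.0.2.55",   "PASSWORD",    None,       "YES", "2024-05-02T02:40:00"),
]


def is_corporate(ip):
    """True if the client IP falls inside one of the assumed corporate ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_CIDRS)


def find_risky_logins(rows, window=timedelta(hours=24)):
    """Return {user: sorted reasons} for users whose logins look like
    infostealer-style credential reuse."""
    reasons = defaultdict(set)
    parsed = [(u, ip, f1, f2, ok == "YES", datetime.fromisoformat(ts))
              for u, ip, f1, f2, ok, ts in rows]

    # Rule 1: a successful password login with no second factor from outside the
    # corporate ranges is exactly what a replayed infostealer credential looks like.
    for user, ip, f1, f2, ok, _ in parsed:
        if ok and f1 == "PASSWORD" and f2 is None and not is_corporate(ip):
            reasons[user].add("password_only_login_from_external_ip")

    by_user = defaultdict(list)
    for rec in parsed:
        by_user[rec[0]].append(rec)

    for user, recs in by_user.items():
        # Rule 2: password logins that never carry a second factor mean the account
        # is not enrolled in MFA at all (key-pair service accounts are skipped).
        pw_logins = [r for r in recs if r[2] == "PASSWORD" and r[4]]
        if pw_logins and all(r[3] is None for r in pw_logins):
            reasons[user].add("mfa_not_enrolled")

        # Rule 3: the same account succeeds from a corporate network and from an
        # external one within `window`: the credential is in use from two places.
        successes = sorted((r for r in recs if r[4]), key=lambda r: r[5])
        for i, a in enumerate(successes):
            for b in successes[i + 1:]:
                if b[5] - a[5] > window:
                    break
                if is_corporate(a[1]) != is_corporate(b[1]):
                    reasons[user].add("corporate_and_external_within_window")

    return {u: sorted(r) for u, r in reasons.items()}


if __name__ == "__main__":
    for user, why in find_risky_logins(LOGIN_HISTORY).items():
        print(user, "->", ", ".join(why))
```

On the constructed data only `bob` is flagged, on all three rules: a password-only account whose credential succeeds from an external address the night after it was used from the office. In a real deployment the rows would come from the account-usage view through the Snowflake connector, and the detection is a backstop for the preventive controls the article calls for (an authentication policy that requires MFA and a network policy that rejects logins from outside known ranges).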
National Public Data (NPD) Breach
In 2024, U.S. data broker National Public Data (NPD) leaked roughly 2.9 billion records of personal information, including names, addresses, phone numbers, dates of birth, and Social Security numbers. A dataset of that size quickly becomes raw material for identity theft and social engineering at scale.
Important lesson learned: Data brokers should collect less, retain it for shorter periods, and apply stricter disclosure controls. Victims should proactively monitor their identity, consider freezing their credit, and seriously consider identity theft protection services.
AT&T Call and Message Records Leak
In 2024, AT&T disclosed that customer data, including subscriber details and call and text metadata, had been stolen and had surfaced on the dark web; the call and message records were taken from a third-party cloud workspace. The event was a reminder of how sensitive telecom metadata is: call records reveal who spoke to whom and when, and can be used to locate and impersonate individuals.
Takeaway: Telecom providers must strengthen supply-chain security, rotate credentials quickly after a compromise, and maintain tested crisis communication plans.
GitHub / Git Configuration Credential Exposure
In the EMERALDWHALE campaign (2024), attackers scanned the internet for web servers that exposed their Git configuration files (.git/config), harvested the credentials embedded in them, and used those to pull private repositories, which in turn contained further API keys and cloud credentials. Thousands of credentials were stolen this way. Every leaked token is a foothold for lateral movement and supply-chain attacks.
Key lesson: Do not store or embed secrets in source code or in Git remote URLs, and never serve a .git directory from a web root. Organizations should run secret scanning on every commit, harden CI/CD pipelines, and rotate and audit credentials periodically.
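A concrete form of the secret-scanning control described above, as an added example that is not code from the original article or from any scanning tool: a pre-commit style scanner that checks staged file contents for well-known credential formats, for credentials embedded in Git remote URLs (the pattern EMERALDWHALE harvested from exposed .git/config files), and for high-entropy literals assigned to secret-looking names. The FILES mapping is constructed sample input; the AWS key pair is the example pair from AWS documentation and the GitHub token is made up.

```python
"""Pre-commit style secret scanner for source files and Git config.

Added example, not code from the original article or from any scanning tool it
mentions. FILES is constructed sample input: the AWS key pair is the example
pair from AWS documentation and the GitHub token is made up.
"""
import math
import re
import sys
from collections import Counter

# Well-known credential formats plus credentials embedded in remote URLs, the
# pattern EMERALDWHALE harvested from exposed .git/config files.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "credential_in_url": re.compile(r"https?://[^/\s:@]+:[^/\s@]+@[^\s/]+"),
}

# name = "long literal" where the name suggests a secret; the literal is then
# judged by entropy so that placeholders such as "changeme" are not flagged.
ASSIGNMENT = re.compile(
    r"""(?i)\b(\w*(?:secret|token|password|api_?key)\w*)\s*[:=]\s*["']([^"']{16,})["']""")

FILES = {
    "settings.py": (
        'DEBUG = False\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
        'DB_PASSWORD = "changeme_changeme"\n'
    ),
    ".git/config": (
        '[core]\n'
        '\trepositoryformatversion = 0\n'
        '[remote "origin"]\n'
        '\turl = https://deploy:ghp_0123456789abcdefghijklmnopqrstuvwxyz@github.com/example/app.git\n'
        '\tfetch = +refs/heads/*:refs/remotes/origin/*\n'
    ),
    "README.md": "# app\nSet AWS_ACCESS_KEY_ID in the environment; never commit it.\n",
}


def shannon_entropy(s):
    """Bits per character: random 40-char keys score well above 3.5, words below 3."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(path, text, entropy_threshold=3.5):
    """Return (path, line_number, finding_type) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((path, lineno, name))
        for m in ASSIGNMENT.finditer(line):
            if shannon_entropy(m.group(2)) >= entropy_threshold:
                findings.append((path, lineno, "high_entropy_assignment"))
    return findings


def scan_files(files):
    """Scan a {path: contents} mapping, e.g. the staged files in a pre-commit hook."""
    results = []
    for path, text in files.items():
        results.extend(scan_text(path, text))
    return results


if __name__ == "__main__":
    hits = scan_files(FILES)
    for path, lineno, kind in hits:
        print(f"{path}:{lineno}: {kind}")
    # A pre-commit hook blocks the commit on any hit.
    sys.exit(1 if hits else 0)
```

On the constructed input the scanner flags the AWS key ID, the high-entropy AWS secret, and the token in the remote URL, but not the README (which only names the variable) and not `DB_PASSWORD = "changeme_changeme"`, whose entropy is too low. That miss is the caveat: pattern and entropy scanning catches generated keys, not weak or structured secrets, so it is a backstop for keeping secrets in environment variables or a secrets manager, not a substitute.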

Coca-Cola / Regional Partners – Everest Ransomware
In May 2025, the Everest ransomware group claimed to have stolen data from Coca-Cola's regional partners and published samples including employee passports, visa records, and payroll files. Coca-Cola opened an investigation, but the exposure raised questions about the security of its suppliers.
Key lesson learned: A supplier's weakness becomes the brand's breach. Large corporations need to audit their vendors rigorously, encrypt HR data at rest, and treat third-party risk as part of their own risk register.
Qantas Customer Data Breach
In July 2025, Australia's national carrier Qantas disclosed that millions of customers were affected by a breach of a third-party customer service platform used by one of its contact centres. The exposed information included names, email addresses, dates of birth, and loyalty program details. Payment data was not taken, but the incident caused considerable alarm among frequent-flyer members, whose accounts were subsequently targeted by phishers.
Key takeaway: Loyalty programs are a high-value target because points are cash-like and the accounts are rarely protected as carefully as bank accounts. Multi-factor authentication (MFA), anomaly monitoring, and strong identity verification should be standard operating procedure for them.
Kadokawa / Niconico – BlackSuit Breach
Japanese media group Kadokawa and its video-sharing platform Niconico suffered a data breach in June 2024 after the BlackSuit ransomware group compromised their systems. The intrusion exposed roughly 250,000 user records along with internal documents, and the resulting service outages delayed publishing schedules, affecting users and corporate partners alike.
Key lesson: Media businesses must protect both user account data and partner-provided content. That requires robust access controls and data segmentation, so that one compromised system does not take the whole platform offline.
DeepSeek Log Leak
In early 2025, security researchers found that the Chinese AI startup DeepSeek had left a ClickHouse database publicly accessible, exposing chat histories, API keys, and other backend details of its own services. The database accepted queries without any authentication, so anyone who found it could read the data and potentially tamper with it.
Key Takeaway: Rapid adoption of AI technologies tends to skip the basics. Misconfiguration remains one of the biggest risks, and security teams ought to be engaged early in the product lifecycle rather than after launch.
Orleans Parish Sheriff’s Office – Qilin Ransomware
In September 2025, the Qilin group leaked 842 GB of data from the New Orleans, Louisiana sheriff's office, including court documents and various financial files. The breach raised concerns about the integrity of the judicial process and the public's trust in it.
Key Takeaway: Ransomware now threatens justice and public-safety systems. Critical agencies should segment their networks so that court, financial, and operational data do not share a single flat network, keep patching current, and test their disruption response plans before they are needed.
MOVEit Transfer Zero-Day Exploit
In 2023, the Cl0p ransomware group exploited a zero-day SQL injection vulnerability (CVE-2023-34362) in Progress MOVEit Transfer to breach hundreds of organizations in a matter of days. Victims ranged from government agencies and universities to businesses, and the data published on Cl0p's leak site ranged from financial documents to internal communications.
Lesson learned: MOVEit shows the inherent risk of software supply-chain attacks: a single flaw in a widely deployed product becomes everyone's breach at once. Organizations should be able to patch rapidly, enforce vendor audits, and prepare for mass exploitation events in which attackers hit every exposed instance before a fix is available.
Summary of the Top 10 Most Significant Data Breaches:
These ten incidents show how cloud misconfigurations, weak vendor security, ransomware, and massive leaks from data brokers put millions of people and organizations at risk. Whether the victim was a telecom, an airline, an AI start-up, or a government agency, attackers exploited both technical and operational weaknesses.
For defenders, the message is clear:
- Enforce zero-trust access practices.
- Continuously review vendors and the supply chain.
- Protect development pipelines and do not hard-code secrets or credentials.
- Maintain and regularly test your incident response and crisis communications plans.
In this digital age, robust security and a culture of resilience are not optional; they are essential to survival.
