Welcome to the inaugural edition of The Breach Report, your monthly digest of critical cybersecurity events and insights. As we kick off the new year, January has already presented a stark reminder of the ever-evolving cyber threat landscape.
This month, we’ve witnessed significant cyber incidents targeting a range of sectors, from educational institutions to government agencies. Staying informed and proactive is paramount, and this newsletter is committed to equipping you with the knowledge and tools to navigate these challenges.
Top 7 Breaches & Cyberattacks of January 2025
1. Charter and Windstream networks
-
How: Breach of Charter Communications, Consolidated Communications, and Windstream by Chinese hackers.
- Impact: Potential exposure of sensitive network infrastructure data, raising concerns over national security.
- Lessons: Reinforces the importance of securing telecom networks against state-sponsored cyber threats.
- Source: https://www.csoonline.com/article/3632044/more-telecom-firms-were-breached-by-chinese-hackers-than-previously-reported.html
2. The U.N.’s International Civil Aviation Organization (ICAO)
- How: Breach of Charter Communications, Consolidated Communications, and Windstream by Chinese hackers.
- Impact: Potential exposure of sensitive network infrastructure data, raising concerns over national security.
- Lessons: Reinforces the importance of securing telecom networks against state-sponsored cyber threats.
- Source: https://www.csoonline.com/article/3632044/more-telecom-firms-were-breached-by-chinese-hackers-than-previously-reported.html
3. PowerSchool
- How: Cyberattack targeting K-12 student management systems.
- Impact: Data of 62.4 million students and 9.5 million teachers potentially exposed.
- Lessons: Underlines the need for enhanced cybersecurity in education technology platforms.
- Source: https://www.nbcnews.com/tech/security/powerschool-hack-data-breach-protect-student-school-teacher-safe-rcna189029
4. Green Bay Packers
- How: Online retail store breach compromising payment systems.
- Impact: Over 8,500 customers’ credit card details stolen.
- Lessons: Stresses the importance of securing e-commerce platforms and payment infrastructure.
- Source: https://www.bleepingcomputer.com/news/security/thousands-of-credit-cards-stolen-in-green-bay-packers-store-breach/
5. Medusind
- How: Cyberattack exposing medical billing records.
- Impact: 360,934 individuals’ personal and health information affected.
- Lessons: Emphasizes the critical need for security in third-party healthcare service providers.
- Source: https://www.infosecurity-magazine.com/news/medusind-breach-patient-data/
6. BayMark Health Services
- How: Data breach targeting addiction treatment provider’s patient records.
- Impact: Exposure of sensitive patient health data from a September 2024 attack.
- Lessons: Demonstrates the increasing risk to healthcare organizations managing confidential data.
- Source: https://thecyberexpress.com/baymark-health-services-data-breach/
7. Committee on Foreign Investment in the US (CFIUS)
- How: Chinese state-sponsored hackers accessed the Treasury Department’s unclassified systems.
- Impact: Potential compromise of national security-related investment data.
- Lessons: Reinforces the risk of cyber espionage targeting government agencies assessing foreign investments.
- Source: https://www.cnn.com/2025/01/10/politics/chinese-hackers-breach-committee-on-foreign-investment-in-the-us/index.html
Industry Spotlight
The Education Sector
Educational institutions, including K-12 schools, continue to be prime targets for cyberattacks due to the sensitive nature of the data they hold and their often-limited resources for cybersecurity.
The PowerSchool breach and the Alberta Schools Cyberattack highlight the vulnerability of the education sector, urging increased investment in cybersecurity measures, including secure communication systems and data protection strategies.
Emerging Threats to Watch
- AI-Powered Phishing: Attackers using AI to create highly convincing phishing emails, making it more difficult for users to spot malicious intent.
- Ransomware as a Service: Cybercriminals using subscription-based ransomware kits, lowering the barrier for entry and increasing the frequency of attacks.
- Mobile Malware: As reliance on mobile devices grows, malware targeting smartphones and tablets is on the rise.
Regulatory Updates
- U.S. Treasury Department Sanctions: The U.S. Treasury imposed sanctions on Integrity Technology Group in response to the “Flax Typhoon” cyberattacks, marking a significant move in the government’s efforts to combat foreign cyber threats.
- New Cybersecurity Regulations: Various regions are considering updated data breach notification requirements and tighter regulations around critical infrastructure security.
Pro Tips and Tools
- Zero Trust Security: Adopt a “never trust, always verify” approach to network access to minimize security risks.
- Regular Security Audits: Conduct routine vulnerability assessments to identify weaknesses and improve your organization’s cybersecurity posture.
- Employee Training: Empower employees with the knowledge to recognize phishing attempts and other social engineering tactics.
Poll
What is your organization’s biggest cybersecurity concern?
- Ransomware
- Phishing
- Data Breaches
- Cloud Security
- Other
As January has shown us, the cyber threat landscape is not only active—it’s evolving at a rapid pace. From large-scale breaches in government and education to sophisticated tactics like AI-powered phishing, it’s clear that no sector is immune. The Breach Report is here to keep you ahead of the curve with monthly insights, practical tools, and expert guidance to help you stay secure.
Thank you for joining us for our first edition—be sure to follow Everykey for next month’s roundup, and don’t forget to cast your vote in our poll! Until then, stay vigilant, stay informed, and stay protected.
About Us
Everykey is on a mission to make cybersecurity easy and convenient.
Everykey delivers a proximity-based, frictionless, and touchless secure access platform. Offering passwordless authorization and multi-factor authentication, it seamlessly integrates with identity platforms to make secure access effortless. Everykey empowers IT leaders to adopt secure and employee-friendly zero-trust strategies.
🔗 The Breach Report (Monthly Cyberattack Roundup)
📅 Schedule A Demo with our team
