In the first few months of 2025, a series of personal data leaks have occurred on a large scale, showing the inherent and increasingly serious risks that individuals, businesses and state-owned organizations are facing. Not only do these incidents raise concerns about cybersecurity, they also question the ethics of data collection and protection in the digital world.
On June 7, a huge unprotected database was discovered online by cybersecurity researchers. This is considered the biggest leak ever recorded, placing millions of users, mainly Chinese citizens, in an extremely dangerous situation.
This is considered the largest data leak in history, with more than 4 billion people having their personal identification information such as full name, date of birth, phone number, along with sensitive financial data such as card number, debt and savings information, spending habits. The data sources are said to come from many major platforms, including WeChat (more than 805 million records), population data (780 million records) and banking data (630 million records).
In addition to this leak, 2025 also marks a series of notable data leaks, raising the alarm about data security conditions worldwide. Another major leak is the data leak of 2.87 billion users X. Although it does not include emails, this dat set provides a panoramic view of user behavior, from tweet history, session time, location, to usage apps. The incident is believed to be due to an employee's dissatisfaction with data theft during the period of mass dismissal.
Along with that, the leak at PowerSchool, a software provider for more than 18,000 schools in North America, has affected tens of millions of students and teachers. The hackers accessed the system through a customer support portal with a stolen account, causing sensitive information such as scores, medical records, social security numbers and student bans to be leaked. The impact has spread to nearly 800,000 Texans, 134,000 students in Rochester and 16,000 in the UK.
Not stopping there, the data breach at DISA - a company specializing in personnel screening in Texas (USA) - has affected more than 3.3 million people. The hackers have been hiding in the network for two months, collecting financial information, social security numbers and identification documents. As a result, businesses using DISA services are forced to review their entire security strategy.
These large-scale data leaks prove that protecting personal information is no longer an option, but an urgent need in a risky and volatile digital age.