The Week in Breach News: 1/08/25 – 1/14/25

This week: A breach of an education platform exposes data of over 60 million students and teachers; a nation-state attack hits a government agency in Slovakia; and dive into the dark web in our eBook.
Read this week’s new featured blog: What’s for Sale on the Dark Web (and How AI Is Changing the Marketplace)

PowerSchool
https://www.foxnews.com/tech/powerschool-data-breach-exposes-millions-student-teacher-records
Exploit: Hacking
Industry: Education
Education technology provider PowerSchool experienced a significant data breach, exposing the personal records of an estimated 60 million K-12 students and teachers around the world. The breach occurred on December 28, 2024, when attackers exploited a feature in the PowerSource support portal to access and steal data from the PowerSchool SIS system, used for managing student records, grades, and attendance. The stolen data includes names, addresses, and, in some cases, Social Security numbers, medical records and grades. PowerSchool confirmed this was a network intrusion, not ransomware or a software flaw. The company is offering credit monitoring for affected adults and identity protection for minors and has enlisted a third-party cybersecurity firm to investigate.
How It Could Affect Your Customers’ Business: This breach underscores the importance of strong cybersecurity in educational systems.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
Bank of America
https://www.jdsupra.com/legalnews/bank-of-america-notifies-loan-customers-5301971
Exploit: Hacking
Industry: Banking & Finance
Bank of America filed a data breach notice with the Attorney General of Massachusetts after discovering unauthorized access to a third-party vendor’s systems on October 1, 2024. The breach exposed sensitive information about certain loan customers. The potentially exposed data includes names, addresses, passport numbers, phone numbers, Social Security numbers and loan numbers. BofA has since sent notification letters to affected customers, detailing the breach and its impact.
How It Could Affect Your Customers’ Business: This incident highlights the risks associated with third-party vendor security, making checking out vendors’ security commitments critical.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>


Are you feeling overwhelmed by IT tasks? Let us show you how to reduce your security workload! GET TIPS>>


International Civil Aviation Organization
https://www.techmonitor.ai/technology/cybersecurity/un-aviation-agency-12000-affected-by-data-breach
Exploit: Hacking
Industry: Government (Quasi-Government Body)


The International Civil Aviation Organization (ICAO) confirmed a data breach involving the unauthorized release of recruitment-related records affecting nearly 12,000 individuals. The breach, spanning from April 2016 to July 2024, exposed personal details such as names, email addresses and employment history. No sensitive financial data, passwords, or passport information was compromised. The breach has been attributed to the hacker group Natohub, and ICAO is investigating the full scope of the incident.
How It Could Affect Your Customers’ Business: It is just as critical for organizations to protect data related to employees and job seekers as is it is to protect other business data.
Kaseya to the Rescue: See how an antiphishing solution that leverages AI and automation can help businesses stop phishing economically. DOWNLOAD EBOOK>>


Uncover today’s worst phishing threats and see smart strategies to keep businesses out of trouble. GET EBOOK>>


Argentina – Policía de Seguridad Aeroportuaria
https://therecord.media/hackers-target-airport-security-payroll
Exploit: Hacking
Industry: Government
Argentina’s Airport Security Police (PSA) were targeted by a cyberattack that compromised personal and financial data of its officers and civilian staff. Hackers accessed PSA payroll records and made unauthorized deductions from employees’ salaries, ranging from 2,000 to 5,000 pesos ($100 to $245), listed under false labels. The cybercriminals exploited a vulnerability in Banco Nación’s systems, which processes PSA’s payroll. In response, PSA blocked some services and launched a cybersecurity awareness campaign. The motive and exact financial impact remain unknown.
How It Could Affect Your Customers’ Business: Organizations must ensure that their third-party partners meet high cybersecurity standards and regularly audit their practices.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>


Learn to defend against today’s sophisticated email-based cyberattacks DOWNLOAD EBOOK>>


The Netherlands – Technische Universiteit Eindhoven (TU/e)
https://nltimes.nl/2025/01/12/cyberattack-disrupts-classes-tu-eindhoven
Exploit: Hacking
Industry: Education
Technische Universiteit Eindhoven (TU/e) took its internal network offline on Sunday following a cyberattack, disrupting access to essential services like email, Wi-Fi, Canvas, and Teams for students and staff. As a result, no educational activities are taking place, including planned makeup sessions and exam preparations. The university’s ICT experts are investigating the attack’s scope and expect the network to be restored by Tuesday. Despite the disruption, TU/e’s buildings and campus remain open.
How it Could Affect Your Customers’ Business: Today’s reliance on technology for education underscores the importance of raising awareness about cybersecurity risks among students, faculty, and staff to help prevent such incidents.
Kaseya to the Rescue: Watch this webinar to explore K365 User, our latest innovation to empower small and midsize businesses to maximize security while boosting productivity. LEARN MORE>>
Norway – Unacast
Exploit: Hacking
Industry: Technology
Location tracking company Unacast confirmed to the Norwegian government that it was hacked, with claims suggesting its data broker subsidiary, Gravy Analytics, was targeted. Leaked data published online by the hackers appears to be authentic, although Unacast has not responded to requests for comment. A preliminary investigation revealed that some of the stolen files may contain personal data.
How it Could Affect Your Customers’ Business: Organizations that handle sensitive data must implement advanced security measures, including encryption, access controls, and regular audits.
Kaseya to the Rescue: Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>
Slovakia – Geodesy, Cartography and Cadastre Office (UGKK)
https://therecord.media/slovakia-registry-cyberattack-land-agriculture
Exploit: Hacking (Nation-State)
Industry: Government
Slovakia’s Geodesy, Cartography and Cadastre Office (UGKK), responsible for managing land and property data, was hit by the country’s largest-ever cyberattack earlier this week. The attack, believed to have been carried out by Ukraine, resulted in a ransomware strike that shut down UGKK’s systems and forced the closure of its offices. The attackers are reportedly demanding millions in ransom. The attack has caused widespread disruption, paralyzing the real estate and mortgage markets, halting property transactions and delaying services like parking permits in Bratislava. Citizens cannot obtain legal documents proving property ownership, and all proceedings related to immovable properties have been suspended. The registry’s full restoration may take months, severely affecting debt recovery and litigation processes.
How it Could Affect Your Customers’ Business: Advanced Persistent Threat (APT) groups often make precisely targeted strikes to create strategic trouble.
Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>


Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>


Read this week’s feature story: What’s for Sale on the Dark Web (and How AI Is Changing the Marketplace)
Take a deep dive into the dark web economy as we explore the prices of services and commodities on the dark web as well as a look at how artificial intelligence (AI) has impacted that market. READ THE BLOG>>


Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>


Fresh automation: Training courses and phishing kits are sorted by modified date
We’re always tweaking our solutions to make your life easier. Now BullPhish ID courses and phishing kits are automatically sorted based on the Modified date, from those most recently modified to the oldest. Previously, these pages were sorted based on the Title column. Sorting by Modified date does not apply to courses or kits pinned on their respective pages. READ MORE>>


Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>


Dive into the State of the Dark Web 2025
Are you ready to learn about the dark web’s underbelly? This must-read eBook delves into the mysterious corners of the dark web today including how cybercriminals exploit it and how sensitive data is sold. We’ll reveal:
- The impact of AI on cybercrime.
- Key players in the cybercrime ecosystem.
- Pricing for cybercrime tools and stolen data.
- Practical tips for defending organizations from dark web threats.
Download it now! GET YOUR EBOOK>>
Did you miss…our infographic 4 Smart Moves to Reduce Your IT Cybersecurity Workload? DOWNLOAD IT>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!


Read our case studies and see how MSPs and businesses have benefitted from using our solutions. READ NOW>