I am Geek hero graphic: staying vigilant as threats evolve

Staying Vigilant in the Face of Evolving Threats

Evolving cyber threats — from AI-powered phishing to deepfake voice scams — now target small businesses every day, as CISA regularly warns.

Data breaches are now a routine part of online life. As we lean on digital platforms for everything from messaging to shopping, criminals get more chances to grab our personal data. So at I am Geek, we do two things. First, we keep you informed about major breaches. More importantly, we show you how to protect yourself if your information ever leaks.

The Landscape of Recent Data Breaches

The first half of 2025 brought even more data compromises than the year before. Fewer people landed in giant mega-breaches than in 2024. Still, the sheer number of incidents shows the threat is not slowing down. Financial services and healthcare remain the top targets, mainly because they hold such sensitive data. Supply chain attacks are climbing too. In these attacks, one weak third-party vendor can expose dozens of organizations at once.

Notable breaches from the past year

  • Crowdstrike / Microsoft (July 2024): A faulty security update caused a widespread tech outage. It hit millions of computers and disrupted flights, health services, and payment systems.
  • Snowflake Data Breach (June 2024): This cloud storage company suffered a breach. It hit multiple organizations, including Ticketmaster, and exposed large amounts of data.
  • Dell (May 2024): The computer hardware giant confirmed a database hack. Reports suggest it may have hit up to 49 million users.
  • AT&T (April 2024): Attackers leaked the data of 73 million current and former AT&T customers to the dark web. The origin of the breach (AT&T or a vendor) was under investigation.
  • Yale New Haven Health System (April 2025): This breach, detected in March 2025, affected 5.5 million individuals, exposing sensitive health-related data.
  • VeriSource Services (April 2025): A major breach in the HR outsourcing sector, this incident exposed sensitive employee data for 4 million individuals, increasing the risk of identity theft.
  • WK Kellogg Co (April 2025): A ransomware group stole employee and vendor data in December 2024 by exploiting a file transfer platform.
  • Mass Credential Leak (June 2025): Reports point to a massive exposure of 16 billion passwords. It is a stark reminder to use unique, strong credentials.

What to Do When a Data Breach Occurs

While organizations strive to protect your data, it’s crucial to know what steps you can take if you are notified of a data breach or suspect your information has been compromised. Swift action can significantly mitigate potential harm.

Immediate Steps (for Individuals):

  • Change Passwords: Immediately change passwords for the affected account and any other accounts where you use the same or similar credentials. Use strong, unique passwords for each account. Consider using a password manager.
  • Enable Two-Factor Authentication (2FA): Wherever possible, enable 2FA on your accounts. This adds an extra layer of security, requiring a second form of verification (like a code from your phone) in addition to your password.
  • Monitor Financial Accounts and Credit Reports: Keep a close eye on your bank and credit card statements for any suspicious activity. You are entitled to free annual credit reports from Equifax, Experian, and TransUnion.
  • Place a Fraud Alert or Security Freeze:
    • Fraud Alert: Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place a free fraud alert on your credit file. This encourages lenders to verify your identity before extending credit.
    • Security Freeze (Credit Freeze): For stronger protection, consider placing a security freeze on your credit reports with all three bureaus. This prevents new credit from being opened in your name, though it will also prevent you from applying for new credit without temporarily lifting the freeze.
  • Look Out for Phishing Scams: Be extra vigilant for phishing emails, texts, or calls that might attempt to exploit the breach by tricking you into revealing more personal information.
  • Review Company Notifications: Pay close attention to official communications from the breached company. They should provide details about the incident, what data was affected, and any services they are offering (e.g., free credit monitoring).
  • Report Identity Theft: If you suspect your information has been misused for identity theft, report it to the Federal Trade Commission (FTC) at IdentityTheft.gov.

General Guidelines for Organizations Responding to a Breach:

For organizations, a robust data breach response plan is essential. Key steps include:

  1. Containment: Act quickly to stop the breach, isolate affected systems, and prevent further data loss.
  2. Assessment: Determine the scope of the breach, what data was compromised, and who was affected.
  3. Notification: Promptly notify affected individuals, regulatory bodies, and, where appropriate, law enforcement. Be transparent and provide clear instructions on how individuals can protect themselves.
  4. Eradication & Recovery: Remove the threat, patch vulnerabilities, and restore affected systems to normal operation.
  5. Post-Incident Analysis: Learn from the incident, identify root causes, and implement enhanced security measures to prevent future breaches.

Staying informed and proactive are your best defenses in the evolving landscape of data security. By understanding the risks and knowing what steps to take, we can collectively build a more secure digital environment.