As 2025 gets fully under way, let’s take a look at the breaches and leaks that occurred in February, from finance to hospitality to delivery.

Zacks Investment Research

The investment company, Zacks, allegedly suffered a data breach dating back to the summer and impacting around 12 million user accounts. A threat actor claimed responsibility for the breach, stating that they gained access to Zacks’ active directory as a domain administrator and stole source code from Zacks.com and 16 other internal websites. The stolen data, which was leaked on a hacker forum in January, includes full names, usernames, email addresses, phone numbers, and physical addresses.

If verified, this would be the third major breach at Zacks in the past four years. The company previously disclosed a breach in January 2023 that compromised the information of 820,000 users between November 2021 and August 2022. Another dataset, leaked in June 2023 and linked to Zacks, exposed the personal details of 8.8 million users and appeared to originate from a 2020 incident. While Zacks has not officially confirmed the latest breach, cybersecurity experts believe it is a new and significant security incident, underscoring the company’s ongoing struggles with data protection.

Finastra Data Breach

Finastra, a major financial technology provider, is notifying victims of a data breach that occurred after unknown attackers compromised its systems in late last year. The London-based company serves over 8,100 financial institutions worldwide, including 45 of the top 50 banks. While the full extent of the breach remains unclear, Finastra has confirmed that at least some victims had their financial information stolen.

According to filings with the Massachusetts Attorney General’s office, the company has begun alerting affected individuals, offering two years of free credit monitoring and identity restoration services. The breach was first detected on November 7, when Finastra noticed malicious activity on certain systems. Though details about the exposed data remain limited—beyond victims’ names—the incident raises concerns about security in the financial sector.

Protect Yourself with Trend Micro ScamCheck

Data breaches and the leaking of users’ personal info to the dark web always leads to an increase in phishing scams. Introducing Trend Micro ScamCheck! Available for both Android and iOS, ScamCheck offers comprehensive protection from the latest deception:

• Scam Check: Instantly analyze emails, texts, URLs, screenshots, and phone numbers with our AI-powered scam detection technology. Stay secure and scam-free.
• SMS Filter & Call Block: Say goodbye to unwanted spam and scam calls and messages. Minimize daily disruptions and reinforce your defenses against phishing.
• Deepfake Scan: Detect deepfakes in real-time during video calls, alerting you if anyone is using AI face-swapping technology to alter their appearance.
• Web Guard: Surf the web safely, protected from malicious websites and annoying ads.

To download Trend Micro ScamCheck or to learn more, click the button below.

GrubHub Breach

GrubHub recently discovered a security incident involving unauthorized access to its systems through a compromised third-party support provider account. The company swiftly terminated access, removed the affected vendor, and launched an investigation. While GrubHub assured users that marketplace customer passwords, Social Security numbers, bank details, and full credit card numbers were not exposed, hackers did access names, email addresses, and phone numbers of diners, merchants, and drivers. Additionally, partial payment card details of some campus diners and passwords for legacy systems were compromised. In response to the breach, GrubHub has implemented additional security measures — it is not known how many individuals were affected.

Trump Hotels Leak

A threat actor known as “FutureSeeker” has posted a sample of what they claim is a stolen dataset from TrumpHotels[.]com, allegedly containing over 160,000 records. The data leak, shared on the hacker forum BreachForums, appears to originate from the hotel’s email notification system. The exposed information includes full names, email addresses, creation dates, and details of past communications.

The stolen data reportedly spans from January 2018 to January 2025, but researchers believe that it does not appear to contain sensitive information, such as reservation details, check-in dates, or financial records. While the full impact of the breach remains unclear, the incident highlights the risks associated with email systems, which can be lucrative targets for cybercriminals.

DISA Data Breach

DISA Global Solutions, a major provider of employee screening services, has disclosed a data breach affecting over 3.3 million individuals. The breach exposed sensitive personal information, including names, Social Security numbers, driver’s license details, financial account data, and other government-issued ID numbers. The affected individuals are those whose current or former employers used DISA’s screening services.

The breach was discovered on April 22, prompting an extensive investigation to determine the scope of the stolen data. DISA has not confirmed whether ransomware was involved, and no known cybercriminal group has claimed responsibility. Given the nature of the compromised information, affected individuals may face heightened risks of identity theft and fraud, reinforcing the need for strong data protection practices in the employee screening industry.

Safeguard Your Identity

Trend Micro is here to have your back in 2025. We would encourage readers to head over to our ID Protection portal, which has been designed to meet the security and privacy threats we now all face. With ID Protection, you can:

• Safeguard your social media accounts against hackers
• Receive alerts if your personal info gets leaked
• Protect against online threats, such as phishing scams
• Stop sites from collecting privacy-compromising data
• Create, store, and manage strong, tough-to-hack passwords.

What’s even better is that you can enjoy a 7-day free trial of ID Protection‘s paid version, so that you can take advantage of all its awesome features and start securing your identity and privacy today! Why not give it a go today?