Here’s your weekly #databreach news roundup:
Western Alliance Bank, Pennsylvania State Education Association (PSEA), California Cryobank, and Tata Technologies.
Western Alliance Bank
Arizona-based Western Alliance Bank is notifying nearly 22K customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached. #databreachhttps://t.co/E27Imsk7lz
— DevaOnBreaches (@DevaOnBreaches) March 21, 2025
Western Alliance Bank, based in Arizona, has notified nearly 22,000 customers that their personal information was stolen in October 2024. Hackers gained access to the bank’s systems through a vulnerability in third-party file transfer software. The stolen data includes names, Social Security numbers, dates of birth, financial details, and other personal identifiers. The breach was discovered after some of the stolen files were leaked online. While there is no evidence that the data has been misused, the bank is offering free credit monitoring to affected customers. The attack was reportedly carried out by the Clop ransomware group, which exploited a security flaw in the third-party software.
Pennsylvania State Education Association (PSEA)
The Pennsylvania State Education Association (PSEA), a labor union representing educators across the state, says hackers stole the sensitive personal information of more than half a million of its members. #databreachhttps://t.co/ZPdsyWhJ9p
— DevaOnBreaches (@DevaOnBreaches) March 21, 2025
Hackers stole sensitive personal information of over 517,000 members of the Pennsylvania State Education Association (PSEA) during a cyberattack in July 2024. The breach affected current and former teachers, counselors, healthcare workers, and school social workers. Stolen data includes Social Security numbers, passport numbers, medical and financial information, as well as account numbers, PINs, passwords, and security codes. PSEA stated not all data was stolen from every affected person and took steps to delete the data, suggesting the attack may have involved a ransom demand. However, paying the ransom doesn’t guarantee that the stolen data was fully deleted.
California Cryobank
US sperm donor giant California Cryobank is warning customers it suffered a #databreach that exposed customers' personal information.https://t.co/O88LKs6zNc
— DevaOnBreaches (@DevaOnBreaches) March 19, 2025
California Cryobank, the largest sperm bank in the US, has warned customers about a data breach that exposed personal information. The breach, detected on April 21, 2024, involved unauthorized access to the company’s network, potentially compromising data between April 20 and April 22, 2024. Exposed data includes names, bank account details, Social Security numbers, driver’s license numbers, payment card information, and health insurance details. The company is offering one year of free credit monitoring for those affected. It is unclear whether donor information, including ID numbers, was accessed, raising concerns for individuals who donated sperm anonymously. California Cryobank has implemented additional security measures to protect data.
Tata Technologies
Ransomware gang Hunters International has leaked data allegedly stolen from Tata Technologies, including employee info & confidential contracts. The 1.4TB leak follows a Jan ransomware attack on Tata.https://t.co/sKyskJftlS
— DevaOnBreaches (@DevaOnBreaches) March 12, 2025
The ransomware group Hunters International has leaked data it claims to have stolen from Tata Technologies, a month after the company confirmed a ransomware attack in January 2024. The leaked data includes over 730,000 documents, such as spreadsheets, presentations, and contracts, totaling around 1.4 terabytes. The stolen information contains personal details of employees, as well as sensitive company data like purchase orders and contracts with clients in India and the US. While Tata Technologies had previously stated that its client services were unaffected, it’s unclear if this leak is connected to the earlier attack. Hunters International, a new ransomware group, has ties to the Hive gang and has been linked to several high-profile attacks.