Here’s your weekly #databreach news roundup:
Ascension, Insight Partners, Pearson, Raw, and VeriSource.
Ascension
Ascension Health reveals a #databreach affecting 437,329 patients, exposing personal and healthcare info due to a third-party software vulnerability. https://t.co/qbVvAX650x
— DevaOnBreaches (@DevaOnBreaches) May 11, 2025
Ascension, a major U.S. healthcare provider, has confirmed that a data breach exposed the personal and medical information of over 430,000 patients. The breach happened after sensitive data was mistakenly shared with a former business partner, whose software had a security flaw that hackers exploited in December 2024. The exposed information includes names, contact details, Social Security numbers, and medical records like diagnosis and insurance data. Ascension began investigating in December and confirmed the breach in January 2025, later reporting the full scale of the incident in April.
Insight Partners
VC firm Insight Partners confirms #databreach from a Jan 2025 social engineering attack, sensitive data on employees & investors (LPs) exposed, including banking, tax, and personal info. https://t.co/a3a8xqN6SN
— DevaOnBreaches (@DevaOnBreaches) May 9, 2025
Insight Partners, a major venture capital firm managing over $90 billion in assets, confirmed that sensitive data was stolen in a cyberattack in January 2025. The breach, caused by a sophisticated social engineering attack, allowed unauthorized access to the company’s systems for one day. Exposed data may include financial, tax, and personal details of employees, investors, and partners. While business operations weren’t disrupted, the full scope is still under investigation. Affected individuals will be notified gradually, and the firm advises precautions like changing passwords and monitoring financial accounts. The attackers’ identity and exact method remain unknown.
Pearson
Education giant Pearson suffered a #databreach via an exposed GitLab token, allowing hackers to steal customer data, source code, and cloud credentials. Millions are possibly affected. https://t.co/ycYsfuuY8L
— DevaOnBreaches (@DevaOnBreaches) May 9, 2025
Pearson, a global education company, experienced a cyberattack in early 2025 where hackers accessed its systems using an exposed GitLab token found in a public configuration file. This allowed them to steal terabytes of internal data, including customer information, financial records, and source code from cloud platforms like AWS and Google Cloud. While Pearson claims the stolen data was mostly “legacy data” and did not include employee information, millions may have been affected. The company has not disclosed whether it paid a ransom or how many customers were impacted, but says it is enhancing security and continuing its investigation.
Raw
Security flaw exposed users' personal & location data on the dating app Raw, including street-level coordinates.
The bug was due to a lack of authentication on the app's server #databreach https://t.co/L0uoGBtu3M
— DevaOnBreaches (@DevaOnBreaches) May 3, 2025
Dating app Raw suffered a major security lapse that exposed users’ personal and location data, including names, birthdates, preferences, and precise GPS coordinates, due to a vulnerability known as an insecure direct object reference (IDOR). The flaw allowed anyone with a browser to access user profiles simply by changing the URL. Although Raw claims to use end-to-end encryption, an analysis by TechCrunch found no such protection in place. The company fixed the issue after being contacted but has not committed to notifying affected users, and admitted it had not undergone a third-party security audit. An investigation into the breach is still ongoing.
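The flaw class described above, shown as an added example that is not Raw's code: a profile lookup that trusts the ID in the URL, next to a version that authenticates the caller and authorizes per object. All names, records and tokens are constructed for illustration, and the reduced view returned to non-owners is an assumed design choice.

```python
from dataclasses import dataclass, asdict

@dataclass
class Profile:
    user_id: int
    display_name: str
    birthdate: str
    lat: float
    lon: float

# Constructed sample records, not real data.
PROFILES = {
    101: Profile(101, "alice", "1990-04-02", 40.74844, -73.98566),
    102: Profile(102, "bob", "1988-11-19", 51.50073, -0.12463),
}
# Constructed session store: bearer token -> authenticated user id.
SESSIONS = {"tok-alice": 101, "tok-bob": 102}

def get_profile_vulnerable(profile_id, token=None):
    """Flawed pattern: the ID from the URL is the only input that matters.
    No session is checked, so every record is readable by anyone."""
    profile = PROFILES.get(profile_id)
    if profile is None:
        return 404, None
    return 200, asdict(profile)

def get_profile_hardened(profile_id, token=None):
    """Authenticate first, then decide per object what the caller may see."""
    caller = SESSIONS.get(token)
    if caller is None:
        return 401, None          # no valid session: nothing is returned
    profile = PROFILES.get(profile_id)
    if profile is None:
        return 404, None
    if caller == profile.user_id:
        return 200, asdict(profile)   # owner sees their own full record
    # Assumed policy: other signed-in users never receive birthdate or
    # coordinates, only the fields meant to be public.
    return 200, {"user_id": profile.user_id,
                 "display_name": profile.display_name}

def leaks_location(handler, profile_id, token=None):
    """Regression check: does this handler hand out coordinates?"""
    status, body = handler(profile_id, token)
    return status == 200 and "lat" in body
```

A check like `leaks_location` belongs in the API's test suite, run for an anonymous caller and for a signed-in user requesting someone else's ID.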
VeriSource
VeriSource Services warns that a 2024 #databreach exposed the personal info of 4M people. The breach, discovered in Feb 2024, was only fully evaluated by April 2025. Impacted data includes names, SSNs, and more. https://t.co/FId3l3sprU
— DevaOnBreaches (@DevaOnBreaches) April 30, 2025
VeriSource Services, a Texas-based employee benefits and HR solutions firm, has disclosed a data breach that exposed the personal information of 4 million individuals. The breach occurred in February 2024 but wasn’t fully assessed until April 2025. Exposed data includes names, addresses, birthdates, genders, and Social Security numbers. Although some affected people were notified earlier, the full scope was only recently confirmed. The company is now offering a year of free credit and identity protection services. The exact cause of the breach remains unclear, and there’s no indication yet of ransomware involvement.