Another year has come and gone, and, with it, thousands of data breaches affecting millions of people. These days, the question generally isn't *if* your information was compromised in a breach this year, it's *how many* different breaches compromised your private data.
Some data breaches, however, are more noteworthy than others. While one might affect a small number of people and include little useful information, another might include specific location information or even a potential medical diagnosis. To bring attention to these breaches we created the Breachies, a series of tongue-in-cheek awards highlighting each year's most egregious data breaches.
This year's honors include the I Didn’t Even Know You Had My Information Award (bestowed upon location data broker Gravy Analytics for a hack that exposed tens of millions of mobile phone coordinates), the Hacker's Hall Pass Award (given to PowerSchool for a breach that compromised personal information of over 60 million students and teachers), and the Annual Microsoft Screwed Up Again Award (awarded to, duh, Microsoft).
Of particular note is Discord's prize, the We Still Told You So Award. EFF has repeatedly warned that age verification laws create serious security risks (on top of being harmful censorship and surveillance regimes). These mandates require users to hand over some of their most sensitive information (like government IDs and faces) before accessing content online—sensitive information that can then be compromised by hackers. And, sure enough, much of Discord’s age verification data was breached in 2025, including users’ real names, selfies, ID documents, and email and physical addresses.
While the seemingly endless number of data breaches can make it feel like there's nothing you can do to protect your information, it's actually a good reason to take action. On our blog, we name a number of steps you can take right now to protect yourself from the next data breach. Some simple ones include using unique passwords on all your accounts, using two-factor authentication when it's offered, and deleting old accounts.
Of course, individual self-protection only addresses the symptoms of a world where companies gobble up as much data as they can, store it for as long as possible, and don't do enough to protect it. Companies need to do a better job of only collecting the information they need to operate, and properly securing what they do store. And, as we've said before and will say again and again, lawmakers need to pass comprehensive privacy protections.
READ MORE…
🧊 ICE SPY TECH: With billions more dollars at their disposal, the U.S. Immigration and Customs Enforcement (ICE) has been going on a surveillance tech shopping spree. In recent months, ICE has inked contracts for location, social media, phone, and face surveillance tools. On our blog, we dig into each of these—and what EFF and others are doing to stop the spying.
💰FOLLOW THE MONEY: Hundreds of companies are looking to cash in on increased spending by the U.S. government on immigration enforcement and border surveillance. Recently, we updated our database of vendors selling their tech to the U.S. Department of Homeland Security (DHS). Now, we're also sharing our research methods so that you, too, can follow the DHS spending trail.
🤓 HACKERS AGAINST ICE: It can be hard to imagine how to defend oneself against such an overwhelming force like ICE, which is spending hundreds of millions of dollars to spy on anyone—and potentially everyone—in the United States. But a few enterprising hackers have started projects to do counter-surveillance against ICE, and hopefully protect their communities through the clever use of technology.
🪪 AGE VERIFICATION: Age verification mandates are spreading fast, and they’re ushering in a new age of online surveillance, censorship, and exclusion for everyone—not just young people. Join our free livestream on Thursday, January 15, at 12pm PT: "EFFecting Change: The Human Cost of Online Age Verification." Speakers from EFF, Gen-Z for Change, and the Collaborative Research Center for Resilience will discuss what we stand to lose as more and more governments push to age-gate the web.
