Cybersecurity|Cybersecurity statistics
Global data breach statistics: a 2024 recap
As we enter 2025, let’s review the key data breach trends of 2024 and examine the latest statistics on data breaches. We will analyze which countries experienced the highest number of breaches and highlight some of the biggest incidents of the year.
Breached accounts jump to nearly 8 times more in 2024
Last year's data breach statistics reveal a staggering increase in compromised accounts, skyrocketing to nearly eight times the number recorded in 2023. The numbers surged from approximately 730 million breached accounts in 2023 to over 5.5 billion in 2024, meaning nearly 180 accounts were compromised every second. In this study, we define a breached or leaked email address used for online services as a separate user account, counting each instance as an individual breach.
In 2024, three new countries entered the top 10 for the highest number of breached accounts. China soared to the top spot (rising from 12th in 2023), Germany climbed to fifth place (up from 16th in 2023), and Poland secured the tenth position (up from 17th in 2023). Despite these shifts, Russia, the US, France, India, Brazil, Italy, and the UK remained in the top 10 for both years.
Brazil and Italy each climbed two positions in 2024 compared to 2023, experiencing a surge in account breaches by 24 times and 21 times, respectively. Russia and France held their positions, remaining in second and fourth place, but the number of breached accounts still increased dramatically. In 2024, Russia saw 11 times more breached accounts than in 2023, while France experienced nearly 14 times more than the previous year.
Three countries from the top 10 — the US, India, and the UK — dropped in ranking in 2024, yet the number of breached accounts in these regions continued to rise. Despite the US experiencing the smallest increase, at 39%, it still ranked third globally. India recorded five times more breached accounts than in 2023, while the UK saw a 14-fold surge. Meanwhile, in 2024, China saw the most dramatic increase among the top 10 countries, with nearly 340 times more breached accounts than in 2023.
China emerges as a major player in data breach statistics 2024
Although breaches can impact individuals worldwide, 46% of all compromised accounts in 2024 were concentrated in China, Russia, and the US, making them the primary data breach hotspots. China and Russia each accounted for 17% of all breached accounts, while the US contributed 12% to the global total. In 2023, the US and Russia dominated the data breach landscape, comprising nearly 80% of all breached accounts. However, by 2024, China also emerged as a key player in global data breaches.
In 2024, China saw nearly 1,800 breached accounts per minute, with Russia close behind at over 1,700 per minute. The US followed, experiencing approximately 1,300 breaches per minute. This marks a dramatic increase from 2023, when the US recorded over 900 breaches per minute, Russia almost 160, and China only 5.
European countries lead in data breach density
In countries with smaller populations, the total number of breached accounts might be lower, but a higher breach density can indicate that residents face a greater risk of experiencing a data breach. In 2024, Russia topped the list with nearly 6,400 breached accounts per 1,000 people, followed by France (2,300) and the US (over 2,000).
Meanwhile, in 15 countries with populations over 1 million, individuals faced an average of more than one breached account per person. Remarkably, 10 of these countries — or approximately 70% — are in Europe.
Czechia ranked fourth globally, with nearly 2,000 breached accounts per 1,000 individuals. Germany followed in sixth place with over 1,600 breaches per 1,000 people. Latvia and the Netherlands came next, each exceeding 1,300 breaches per 1,000 residents. Additionally, Italy secured the ninth position with more than 1,200. Poland, Denmark, and Estonia also ranked among the top 15 countries with the highest breach density.
Which regions faced the most impact from data breaches in 2024?
Examining regional data breach statistics for 2024 reveals that Europe experienced the highest share, accounting for 29% of all breached accounts, with Russia at the forefront. This region saw over 1.6 billion breached accounts. Asia followed as the second-most affected region, contributing 23% to the global total, or nearly 1.3 billion breached accounts, with China leading the way. North America ranked third, making up 14% of all breaches, or nearly 770 million compromised accounts, primarily from the US.
In Europe, Russia (920 million breached accounts) was followed by Germany (135 million), France (146 million), Italy (73 million), and the UK (57 million). In Asia, China (940 million) led, followed by India (92 million), Japan (40 million), Vietnam (38 million), and the Philippines (24 million). In North America, the US (690 million) has the highest number of breached accounts, followed by Canada (44 million), Mexico (23 million), El Salvador (1.7 million), and Costa Rica (1.5 million).
Compared to 2023, Europe, North America, and Asia remained the top three most affected regions, but their rankings shifted. In 2023, North America led, followed by Europe and Asia, whereas in 2024, Europe and Asia moved up, while North America dropped to third place. Despite these shifts, all regions experienced year-over-year increases in data breaches. Europe saw a 13% rise, Asia surged by 31%, and North America recorded a smaller but significant 2% increase.
What was the biggest data breach or leak in 2024?
One of the biggest data breaches of 2024 involved a collection of over 3 billion unique email addresses, which surfaced in an underground crime forum in September 2024.¹ The leak compiled data from previous breaches, with duplicates removed to create a cleaner dataset. Surfshark’s researchers found that approximately 790 million of the breached accounts were Russian, 310 million were American, 160 million were Chinese, 110 million were German, and 100 million were French, among others. This massive email leak provides cybercriminals and phishing scammers with a vast pool of potential targets. However, the hacker behind the leak claimed that none of these emails were obtained through private leaks — all this information was already publicly available.
In February 2024, another major data leak affected over 120 million individuals. The breach originated from DemandScience (formerly Pure Incubation), a B2B demand generation company. This firm gathers business data from public sources and third parties, including full names, physical addresses, email addresses, phone numbers, job titles, functions, and social media links.² Such information is essential for digital marketers and advertisers to create detailed consumer profiles that drive lead generation and targeted marketing strategies. Surfshark’s researchers found that approximately 33 million of the breached accounts were American, 2.4 million British, 1.4 million Canadian, 1.2 million Australian, and 80,000 French, among others.
Note: To quantify the impact of data breaches, we count the number of unique email addresses affected. This method provides a consistent approach to measuring breach severity, though it may not align with other sources' reported figures, which might include all affected accounts rather than only exposed email addresses.
Methodology and sources
We examined global data breaches that occurred in 2024.
Countries with populations under 1 million were excluded from the rankings, as they tend to be outliers in global distribution per population metrics due to their small population sizes. This exclusion does not significantly impact global statistics, as these countries and territories account for less than 1% of the worldwide population.
To collect the data, our independent partners aggregated information from various publicly available databases, specifically targeting email addresses. They then anonymized the data and provided it to Surfshark’s researchers for statistical analysis. For timeline accuracy, the actual time of the data breach was recorded rather than when it first became public.
Note: Past numbers of breached accounts may change as new cases are reported and additional breaches are identified.
Definitions:
- Data breach — an event when an intruder copies and leaks user data such as names, surnames, email addresses, passwords, etc.;
- Breach count/breaches — every breached or leaked email address is counted as a separate account/user/breach;
- Breach density — breach count of a country per its population.
