Cybersecurity|Cybersecurity statistics
Wrapping up 2025: global data breach statistics
As we embark on the journey into 2026, let's rewind and uncover the story behind the data breach trends of 2025. Discover which countries were hit the hardest and how diverse sectors, from tourism to telecom, felt the ripple effects.
Globally, over 800 account breaches occurred every minute last year
In 2025, the digital landscape faced considerable cybersecurity challenges, with 425.7 million accounts breached worldwide, underscoring the impact on both individuals and organizations. To put this into perspective, the annual total of compromised accounts equates to approximately 810 breaches per minute, or about 14 every second globally. According to the methodology, each compromised account or user represents a breached email address.¹ A data breach typically involves an intruder copying and leaking personal data, which can include names, surnames, email addresses, passwords, and other sensitive information. If your data has been exposed, you might be in the sight of cybercriminals.
A quarterly analysis reveals that the last quarter was particularly severe, with compromised accounts surpassing 141.5 million — double the nearly 70 million recorded in the first quarter. While most quarters experienced an increase in breached accounts, the third quarter was an exception, showing a decline from 116.5 million in the second quarter to 97.7 million in the third. This pattern suggests that even cybercriminals might take a summer break.
Expressed as percentages, the first quarter accounted for 16% of the year's leaked accounts, the second quarter for 27%, the third quarter for 23%, and the fourth quarter for a substantial 33%, representing one-third of all breaches. Comparing the first half of the year to the last six months, there was an approximate 28% increase, highlighting the escalating cybersecurity challenges as the year progressed.
The US had the most breached accounts globally, while France led in breach density
The top 10 countries most affected by data breaches accounted for 65% of all compromised accounts worldwide. The United States tops the list with 142.9 million accounts compromised, representing over a third of all leaked email addresses globally. France follows as the second most affected country, with 10% of accounts, or 40.3 million, breached. India ranks third with 7% or 28.9 million. Rounding out the list are Germany, Russia, the UK, Canada, Vietnam, Brazil, and Spain.
In countries with smaller populations, the total number of breached accounts might be lower, but a higher breach density amplifies the risk. When ranking countries by breach density — measured by the number of compromised accounts per capita — the list changes considerably. Israel, Belgium, Australia, South Sudan, and the Netherlands, which do not appear in the top 10 for total breach count, are now featured in this ranking. In 2025, France tops this list with a breach density 12 times higher than the global average of 52, followed by the United States at 8 times the global average. Israel takes the third spot, while Germany and Canada are in fourth and fifth positions, respectively. Belgium, Australia, South Sudan, the UK, and the Netherlands complete the top 10. This highlights the varied impact of data breaches across different nations.
North America was hit hardest, with the US accounting for 93% of its breached accounts
A regional analysis reveals that North America was the most affected region in 2025, with 154.2 million breached accounts, making up over 36% of all cases globally. Europe follows, contributing 24% (103.9 million compromised accounts), while Asia ranks third with 14% (59.3 million compromised accounts). South America, Africa, Oceania, and Antarctica collectively account for 5% of compromised accounts worldwide. Notably, 20% of compromised accounts could not be attributed to any specific region or country and remain classified as unknown.
Breaking it down to a per-minute perspective, North Americans faced 293 breaches per minute in 2025, while Europeans experienced 198 per minute. Asians encountered breaches at nearly half the rate of Europeans and about a third of North Americans, with 113 accounts compromised per minute. People in other regions experienced much lower breach rates.
However, not all countries contributed equally to regional numbers. In North America, for example, the United States was the primary contributor, accounting for 93% of all compromised accounts in the region. Canada followed with 5%, and Mexico contributed 1%, with all other countries below 1%. The situation is different in Asia and Europe. In Europe, five countries accounted for 81% of the region's compromised accounts. France led with 39%, followed by Germany at half that amount with 18%, Russia at 12%, the UK at 8%, and Spain at 4%. In Asia, India accounted for 49% of the compromised accounts, with Vietnam contributing approximately four times less at 12%, and Indonesia, China and Japan each at 5%. Together, these five Asian countries accounted for 75% of the region's total compromised accounts.
Sectors most affected by data breaches in 2025
Data breaches can vary in scope, with some involving fewer compromised accounts and others having a much greater impact. These larger data breaches are particularly concerning due to their extensive reach, the potential for severe consequences, and the substantial resources required to address them.
To identify the sectors most affected by major data breaches, the analysis was focused on cases involving over 50,000 leaked accounts. It's important to note that data breaches without a related domain, or if domains lack a category assigned by Similarweb, were excluded from this analysis. The findings reveal that 20% of compromised accounts in major breaches were linked to domains in the internet and telecom category. The finance category was the second most-affected, accounting for 12% of compromised accounts. The computers and consumer electronics category follows, representing approximately 10% of breached accounts. Travel and tourism, along with business and industrial, accounted for about 8% each. The adult category also had a share, with jobs and education, home and garden, health, and vehicles following closely behind.
These top 10 categories of domains affected by major data breaches illustrate the diverse impact of such incidents, underscoring that no company is immune to these challenges. This emphasizes the importance of individuals actively protecting their data and minimizing the sharing of personal information whenever possible.
The biggest data breaches of 2025: the most widespread cybersecurity incidents
Among the top data breaches in 2025 by the number of exposed accounts were incidents involving Mobile Free², Zacks³, and Vietnam Airlines⁴. It's important to note that while the breached data was identified as publicly accessible in 2025, the data breaches themselves may not have necessarily occurred that year.
The Mobile Free data breach (12.8M) had a major impact on French accounts, compromising 10.3 million. It also affected accounts in the US (95.3k), the UK (47.5k), Germany (43.2k), and Canada (32.9k), among others, with many more countries impacted. The Zacks data breach (8.7M) predominantly targeted US accounts, compromising 5.7 million, and extended to accounts in Canada (420.2k), China (330.8k), the UK (194k), India (149.9k), and more. The Vietnam Airlines breach (7M) affected accounts in Vietnam (6M), South Korea (186.9k), Australia (139k), Japan (123k), and the US (107.8k), among others.
The data breaches of 2025 are a reminder of the vulnerabilities that exist in our increasingly online lives. They highlight the urgent need for both individuals and organizations to prioritize cybersecurity measures and remain vigilant in protecting sensitive information.
Methodology and sources
We analyzed global statistics on breached accounts exposed in 2025. Countries with populations under 1 million were excluded from the rankings, as they tend to be outliers in global distribution per population metrics due to their small population sizes. This exclusion does not significantly affect global statistics, as these countries and territories make up less than 1% of the world’s population.
To collect the data, our independent partners compiled information from various publicly available databases, focusing specifically on email addresses. They then anonymized the data before providing it to Surfshark’s researchers for statistical analysis. The dates used reflect when a data breach is shared in public databases, rather than when the breach originally occurred. Figures from earlier periods may be revised as new information becomes available.
Definitions:
- Data breach — an event when an intruder copies and leaks user data such as names, surnames, email addresses, passwords, etc.
- Breach count/breaches — each breached or leaked email address is counted as a separate account/user/breach.
- Breach density — the number of breaches in a country relative to its population.
