Breached accounts in 2025: the US has over 2M breaches in the first six months

Published: 28 August 2025
Last updated: 16 September 2025
data breach silent leaks

According to Cybernews' Personal data leak checker tool, there were 20 times fewer breached accounts in the first half of 2025 than in the same period in 2024. Despite this, millions of accounts remain exposed, with the United States having over 2 million breached accounts and France, with 1.8 million accounts breached, leading as the most breached nations.

Key takeaways:
  • January has the highest number of breached accounts in 2025 so far
  • The U.S. remains the highest breached country, with over 2 million breaches
  • Countries experienced a spike in breach numbers in March, making it the second most breached month in the first six months of 2025
  • The second quarter of 2025 saw a 77% dip in breached accounts

ADVERTISEMENT

The US and France have millions of breached accounts in 2025 so far

Based on the Personal data leak checker tool, a database of leaked hashed emails, the first six months of 2025 recorded 15.8 million breached accounts globally. This is in contrast to the 302 million breaches fixed in the first half of 2024, meaning the first half of 2025 had around 20 times fewer breaches. However, several big nations continue to struggle with vulnerabilities.

The top three countries with the highest number of breaches in 2025 so far are the US, with 2.5 million breached accounts, France, with 1.8 million breached accounts, and India, with 1.2 million breached accounts.

Other notable countries in the top ten list include Russia, with 420,000 breached accounts, which is fourth, followed by Venezuela, with 309,000 breached accounts, Brazil, with 289,000 breached accounts, and the UK, with 197,000 breached accounts. After these countries follow, Argentina, with 191,000 accounts breached, Taiwan, 183,000 accounts breached, and Saudi Arabia, 139,000 accounts breached.

Breach activity peak was in January

The data reveals two peaks in breach activity during 2025: January and March. Across all nations, January accounted for the highest number of breaches, followed by a significant spike in March. Both months had over 2 million breached accounts.

The top five countries most breached worldwide in the first six months of 2025 are the US, France, India, Russia, and Venezuela.

While looking at the five countries individually, it becomes clear that they all experienced similar fluctuations over the months, just with different figures. Overall, the US had the majority of breaches: approximately 406,000 in January, around 674,000 in February, and peaked in March, reaching 1.2 million breached accounts.

ADVERTISEMENT

January was problematic for France, with 1.6 million breached accounts. In the following months, France saw a significant drop in numbers, falling to 87,000 in February and even less in the following months.

A similar situation is in India. January began with 115,000 breached accounts, but the number dropped to less than 2 thousand in February. Like the US, India experienced a surprising spike in March with over 1 million breached accounts.

Russia and Venezuela also showed similar patterns and amounts of breached accounts. Both nations experienced the most breaches in January, with 388,000 and 296,000 breached accounts, respectively. Breach numbers fell significantly throughout the year.

Breached countries, January-June
5 most breached countries. By Cybernews

8 out of 1,000 people in the US have a breached account

According to SG Analytics, China, India, the US, Indonesia, and Pakistan have the highest number of global internet users, and some appear among the most breached countries; however, not all of them have high breach density.

When breached data is analyzed against internet user populations, the United States emerges as the most affected country per capita. With over 311 million internet users and over 2.5 million breached accounts, the US experiences eight breached accounts per 1,000 internet users, the highest density among all countries.

Other nations demonstrate varying breach densities. According to data, China has over 1 billion internet users, but it recorded only a little more than 16,000 breached accounts in 2025. That would only mean one breached account per 62,500 people.

India is not far behind. It had around 1.2 million breaches among 881 million internet users, approximately one breached account per 734 people. Indonesia had over 23,000 breached accounts among 215 million users, or around one per 9,350 people. Pakistan has 170 million internet users, but only over 8,000 breached accounts, or around one breached account per 21,250 people.

These numbers show that even countries with large internet populations, such as China, are safer per capita, probably due to stricter cyber protection measures.

ADVERTISEMENT
Data breach density
Data breach density. By Cybernews

The second quarter of 2025 saw 77% fewer breaches

According to data collected by Cybernews' tool, breaches significantly declined during the second quarter of 2025. Globally, the number of breaches dropped by 77% compared to the first quarter.

All five of the most breached countries discussed before, the US, France, India, Russia, and Venezuela, in the first half of 2025, showed dips of over 90% in Q2. The US saw a 92% decrease, and France and Venezuela saw a 99% drop. India's numbers fell by 94%, Russia's by 97%.

While the majority of countries saw improvements, some of them had spikes in breaches in Q2. Ireland’s breached accounts increased by 735%, from 4,000 in Q1 to 39K in Q2. Italy's number of breached accounts grew by 179%, rising from 19,000 to 55,000 breaches.

Data breach maps
50 most breached countries. By Cybernews

Why data breaches happen: insights from security experts

Cybernews researchers emphasize that poor cybersecurity habits among internet users remain one of the leading causes of data breaches. If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts.

Reasons for data leaks include:

  • Unsafe online registrations. Subscriptions to suspicious websites, such as “free online movie platforms,” often expose sensitive data.
  • Reuse of weak passwords. Simple password hygiene can make a difference. Using a password leak checker or password manager to generate strong, unique passwords and updating them regularly can make the difference between your data being safe and getting leaked.
  • Infostealers usually end up on your device after you click on something sketchy, download a fake program, or open a shady email attachment. Your data gets scooped up and sent off to whoever’s behind the attack, often without you ever knowing it happened.
  • Tech support scams. Hackers now call pretending to be IT support staff and deceive the victims into authorizing a malicious app.
ADVERTISEMENT

“If your passwords get leaked, the damage can go beyond just one account. Hackers can use that info to mess with your life in various ways. In the worst cases, they can even take over your digital identity,” Cybernews security researchers say.

Share
Post
Share
Share
Share
Français English Português (BR) Español Niederländisch Deutsch Italian (IT)
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked