Breach Report
Data breaches exposed over 6 billion records in 2025 alone. Healthcare, finance, and tech companies were hit hardest — and the stolen data often includes Social Security numbers, medical records, and financial credentials. Here's what happened, who was affected, and what you should do right now.
By the Numbers
The scale of data breaches continues to grow year over year. According to IBM's 2025 Cost of a Data Breach Report, the global average cost of a breach reached $4.88 million — the highest figure ever recorded. Here's the broader picture.
In 2025, over 6.1 billion individual records were exposed across publicly reported data breaches worldwide. This includes names, emails, passwords, Social Security numbers, medical records, and financial data. Many of these records end up for sale on dark web marketplaces within hours of the breach.
The average cost of a data breach hit $4.88 million in 2025, a 10% increase from the previous year. This includes detection, containment, notification, lost business, and regulatory fines. Healthcare breaches cost the most at $10.93 million on average — nearly double the next-highest industry.
On average, organizations took 194 days to identify a breach and an additional 64 days to contain it. That means attackers had nearly 9 months of access before being discovered. During this window, they can exfiltrate data, install backdoors, and move laterally through networks.
Stolen or compromised credentials were the initial attack vector in 44% of breaches in 2025, according to Verizon's Data Breach Investigations Report. Phishing accounted for another 16%. Together, these two human-factor vulnerabilities caused 60% of all breaches — both are preventable with the right tools.
Timeline
These are some of the largest and most impactful data breaches reported between January 2025 and early 2026. Each one compromised millions of records and affected real people.
One of the largest breaches ever discovered, the National Public Data breach exposed approximately 2.9 billion records including names, addresses, Social Security numbers, and family relationships. The data — scraped from public records and aggregated into a massive database — was posted on dark web forums. The company filed for bankruptcy shortly after the breach was disclosed.
The Change Healthcare ransomware attack in early 2025 affected over 100 million individuals — roughly one-third of Americans. As a healthcare payment processor, the company held extremely sensitive data including medical diagnoses, treatment records, insurance information, and Social Security numbers. The breach disrupted pharmacy operations nationwide for weeks.
AT&T confirmed a breach affecting 73 million current and former customers. The exposed data included names, addresses, Social Security numbers, and account passcodes. A separate breach of AT&T call and text metadata affected nearly all of their wireless customers — approximately 110 million people.
The Ticketmaster breach exposed data for approximately 560 million customers through a compromised third-party cloud provider (Snowflake). Stolen data included names, email addresses, phone numbers, and partial payment card details. The ShinyHunters hacking group claimed responsibility and demanded a $500,000 ransom.
Dell disclosed a breach affecting 49 million customers' purchase information, including names, physical addresses, and Dell hardware and order details. While financial data was not exposed, the breach gave attackers detailed information useful for targeted phishing campaigns impersonating Dell support.
The MOVEit file transfer vulnerability (CVE-2023-34362) continued to cause damage well into 2025 as more affected organizations disclosed breaches. Over 2,700 organizations and 95 million individuals were impacted. Victims included government agencies, universities, financial institutions, and healthcare providers worldwide. This breach demonstrated how a single software vulnerability can cascade across thousands of organizations.
Impact Analysis
Not all industries are targeted equally. Some hold more valuable data, face more regulatory scrutiny, or have weaker security infrastructure. Here's where the damage was concentrated.
Healthcare has been the most costly industry for breaches 14 years running. Medical records sell for $250-1,000 each on the dark web — far more than credit card numbers ($5-110). They contain everything needed for identity theft: SSNs, insurance details, addresses, and medical history. The Change Healthcare breach alone affected 100M+ Americans.
Banks, fintech companies, and payment processors were the second-most targeted industry. Financial breaches averaged $6.08 million per incident. Attackers target these organizations for direct financial fraud, account takeovers, and access to payment card data.
Tech companies hold massive amounts of user data and are prime targets for both data theft and supply chain attacks. The Snowflake-linked breaches (affecting Ticketmaster, Santander, and others) showed how compromising a single cloud provider can cascade to dozens of downstream companies.
Government agencies and universities often run legacy systems with limited security budgets. The MOVEit attack hit multiple government departments and dozens of universities. Student and employee records — containing SSNs, financial aid data, and health records — were exposed at scale.
What Was Taken
Not all stolen data carries the same risk. Email addresses and names are relatively low-risk — they enable spam and phishing but can't directly compromise your identity. Social Security numbers, medical records, and login credentials are high-risk: they enable identity theft, financial fraud, and account takeovers that can take months or years to resolve. If your SSN was exposed, you should freeze your credit immediately.
Usernames and passwords (or password hashes) are the most commonly stolen data type. Attackers use these for credential stuffing — automatically trying stolen passwords across hundreds of other services. If you reuse passwords, one breach can compromise all your accounts.
SSNs are the skeleton key to identity theft. With your SSN, criminals can open credit cards, take out loans, file tax returns, and even obtain medical care in your name. Unlike a password, you can't change your SSN — making this the most damaging type of data exposure.
Credit card numbers, bank account details, and payment records enable direct financial fraud. While credit cards have fraud protections and can be replaced, bank account takeovers and fraudulent wire transfers are much harder to reverse.
Medical records are the most valuable data type on the dark web. They contain a combination of personal, financial, and health information that enables medical identity theft — where criminals use your identity to obtain medical care, prescriptions, or insurance benefits.
Take Action
Given the scale of recent breaches, there's a strong chance your data has been exposed. Here's how to find out — and what to do about it.
Visit haveibeenpwned.com and enter your email address. This free service, run by security researcher Troy Hunt, checks your email against over 14 billion compromised accounts from 800+ confirmed data breaches. If your email appears, change the password for that service immediately — and every other service where you used the same password.
Request free credit reports from all three bureaus (Equifax, Experian, TransUnion) at AnnualCreditReport.com. Look for accounts you don't recognize, inquiries you didn't initiate, or address changes you didn't make. Consider placing a credit freeze — it's free and prevents anyone from opening new accounts in your name.
Services like Aura, Norton LifeLock, and 1Password's Watchtower actively monitor dark web marketplaces and forums for your personal information. They alert you if your SSN, email, passwords, or financial data appear in new breach dumps — often before the company even discloses the breach publicly.
Check recent login activity on your most important accounts (email, banking, social media). Most services show recent sign-ins with location and device information. If you see unfamiliar logins, change your password immediately and enable two-factor authentication.
Protect Yourself
You can't prevent companies from getting breached, but you can minimize the damage and make yourself a much harder target. These tools address the most common attack vectors.
The most effective personal security strategy has three layers: (1) a password manager to eliminate password reuse — so one breach doesn't compromise all your accounts, (2) two-factor authentication on every important account — so stolen passwords alone aren't enough, and (3) identity monitoring to catch fraud early — before criminals can do serious financial damage. Together, these three layers address the vast majority of consumer-level threats.
Generate unique, random passwords for every account. If one service is breached, none of your other accounts are affected. 1Password's Watchtower feature automatically alerts you when any saved credential appears in a known data breach.
Aura monitors your SSN, credit reports, bank accounts, and the dark web 24/7. If your information appears in a new breach or someone tries to open an account in your name, you're alerted immediately. Includes $1M identity theft insurance and dedicated resolution specialists.
Prevents malware, keyloggers, and phishing attacks from stealing your data in the first place. Norton 360 includes dark web monitoring, a VPN, and a password manager alongside its industry-leading malware detection engine.
Encrypts your internet connection so data can't be intercepted in transit. Especially critical on public Wi-Fi, where man-in-the-middle attacks can capture everything you send and receive — including login credentials.
The average person's data has been exposed in at least 5 known breaches. A password manager and identity monitoring service take minutes to set up and protect you around the clock.
See Our Top Security PicksCommon Questions
If your Social Security number was exposed, yes — freeze your credit immediately. A credit freeze is free, takes about 10 minutes per bureau, and prevents anyone from opening new credit accounts in your name. You can temporarily lift the freeze whenever you need to apply for credit. Contact Equifax (1-800-685-1111), Experian (1-888-397-3742), and TransUnion (1-888-909-8872) to place a freeze.
Legitimate breach notifications come from the company's official domain, don't ask you to click links to "verify" your identity, and don't request your password or SSN. If you're unsure, go directly to the company's website (don't click any links in the email) and look for breach announcements. You can also check news sources to verify the breach is real.
A data breach involves unauthorized access — someone hacked, phished, or exploited a vulnerability to steal data. A data leak is typically accidental — a misconfigured database, exposed API, or employee error that made data publicly accessible without any hacking involved. Both expose your data, and the protective steps are the same.
In many cases, yes. Class-action lawsuits are common after major breaches, and settlements can provide affected individuals with free credit monitoring, cash payments, or both. Companies are also increasingly subject to regulatory fines under GDPR, CCPA, and HIPAA. Check if a class action has been filed for any breach that affected you.
You can't control whether a company you trust gets breached. But you can control how much damage it does to you. Unique passwords, two-factor authentication, and identity monitoring turn a breach from a crisis into a minor inconvenience.
See Our Top Security PicksIndependent reviews · No sponsored rankings · Updated quarterly