-
A new report states that in 2025 alone, over 300 million private records were compromised due to 794 data breaches.
-
The report noted that every single breach included email addresses and fuels concern regarding phishing scams.
-
Small and medium sized businesses were responsible for 70.5% of all breaches, making them the most likely targets to be compromised.
The dark web is drowning in our personal data, and a recent report reveals the scale of the issue.
Data leaks occur every day, and millions of records no longer seem to be safe. Passwords, medical histories, and everything else, it seems that nothing is safe.
A Staggering Year for Leaked Data
Proton (owner of the popular VPN service) has launched a new tool referred to as Data Breach Observatory, and its first finding is kind of scary. According to the report, in 2025, hackers had already leaked over 300 million private records on the dark web.
And these aren’t small leaks – the report shows some “ mega-exposures” that hit millions of people all at once. Qantas Airlines had 11.8 million records exposed. An Indian education tech company, SkilloVilla, saw a leak of over 33 million records.
Hackers also hit European telecoms like PhoneMondo and Orange Romania hard. Together with the French company Free, they had over 33 million customer records exposed. A Singaporean IT firm named Amai leaked another 10 million records on its own.
The type of data stolen is what makes this so dangerous. Email addresses were in every single breach. Names got exposed in 90% of the cases, and in about three-quarters of them, hackers also leaked phone numbers and home addresses.
What’s really scary is that in almost half the breaches, passwords were part of the leak. And in over a third of these situations, super-sensitive information like government IDs and health records were exposed. This basically hands criminals all they need to steal identities and run really believable phishing scams.
Small Businesses Bear the Brunt of the Attack
So, who do hackers usually go after? You might assume they only go after big corporations for a huge payday. But the numbers tell another story.
Big firms were only about 13.5% of the hacks. Enterprise-level organizations made up only 15.9%. Hackers aimed the overwhelming majority of attacks—a massive 70.5%—at small and medium-sized businesses.
The reason is simple. These smaller companies usually don’t have much money to spend on security, and so they don’t have strong protection. That makes them easy targets for hackers looking to score fast. Stores took the hardest hit, accounting for more than a quarter of all hacks. Tech firms and media companies followed behind.
Eamonn Maguire, Proton’s head of anti-abuse, explained why this tracking is so crucial. He noted that a lot of breaches go unreported or sometimes, even undetected. Maguire emphasizes the importance of dark web monitoring, warning that without it, “you might not even know you’ve been hacked.”
He believes the new Observatory helps everyone understand the real threat. It moves beyond relying on companies to self-report incidents. This gives us a clear, unbiased look at the data breach landscape. And that reality is that almost no industry is safe. Business services, financial firms, schools, and non-profits have all been victims this year.
