Digital Transactions Authoritative, insightful and timely information for payments professionals
The number of publicly reported data breaches through the first half of 2025 totaled 1,732, up 5% from the same period a year ago, according to the Identity Theft Resource Center.
Despite the year-over-year increase in breaches, the number of victim notices in the first half of 2025 totaled 165.7 million, or just 12% of the victim notices issued by mid-year 2024. The decrease is due in part to fewer people being impacted by the small handful of mega breaches in 2025 compared to 2024, the ITRC says.
“The mega-breaches of 2024 were primarily the result of a lack of internal controls that allowed stolen logins and passwords to be used to access data,” ITRC president James E. Lee says by email. “That was a reminder to organizations to beef up their internal access controls with multi-factor identification and passkeys and to focus on recognizing social-engineering attacks. With improved password protocols now in place, there have been fewer successful attacks, which results in fewer people being impacted.”
Despite fewer consumers being affected by data breaches compared to a year ago, the financial losses victims are experiencing remain significant and are increasing “primarily because of the ability of threat actors to better utilize the data stolen in breaches and to refine the individuals and organizations they target using AI,” Lee says.
One troubling trend to emerge during the first half of 2025 is that 69% of the data breaches reported did not provide information about the root cause of the attack, up from 65% a year ago. The increasing number of breaches not including information about a root cause of the attack is a trend that has continued for nearly five years, the ITRC says.
Another troubling trend is that previously stolen personal consumer data, such as logins and passwords, is being recycled by criminals to gain access to critical systems for ransom attacks and or data exfiltration attacks. To illustrate the growing threat from using previously stolen data to carry out a breach, the IRTC cites reports of an unsecured cloud environment with more than 16 billion logins and passwords aggregated into a single database being discovered. The use of previously stolen data during a breach enables criminals to carry out a variety of identity crimes, including fraud and scams, the report says.
The use of analytics to repackage previously stolen data to focus on different data sets is a trend that emerged at the end of June, specifically for very large databases of logins and passwords with billions of records.
“The data has been around for years, but never packaged this way – which means if it was created by cyber criminals, we can expect to see more credential attacks in the coming months,” says Lee.
Supply-chain attacks, which occur when criminals target third-party vendors or partners to gain access to the company’s systems and data, is another troubling trend. Some 79 supply-chain attacks were reported during the first half of 2025. Those attacks impacted 690 entities and generated 78,320,240 victim notices.
Steps companies can take to strengthen their defenses against data breaches include strengthening supply-chain security by conducting security assessments of all third-party vendors and partners. Companies can also beef up employee training when it comes to cybersecurity best practices, the ITRC says.
