Average Brit hit by five data breaches since 2004

Around seven British user accounts were breached every minute during the second quarter of 2025 – more than three million in total.

While data breaches dropped globally by 58% from the previous quarter, the number rose from 70 million to 94 million leaked accounts. The US was the most-affected country, with 42.5 million breached accounts, France, with 11.4 million, and India, with 1.7 million, followed by Germany and Israel.

The countries with the highest number of leaked accounts per 1,000 residents were France, at 172; Israel, at 130; the US, at 123; and Singapore, at 26.

"Whether sharing your name and address for food deliveries, or phone numbers when making a booking at a barber shop, there is no guarantee that businesses are keeping crucial information safe and secure," said Sarunas Sereika, product manager at Surfshark, which carried out the research.

"In the wrong hands, this data can be used to commit identity theft, via social media, for targeted scams or sold on the dark web – where they're traded for further illegal use."

In the UK, the number fell during the second quarter – down by 58% compared to the previous quarter. But, said the researchers, the numbers are still staggering. The UK ranks seventh globally, with 944,000 breached accounts.

Since 2004, said the firm, the UK has been the worst-hit country in Northern Europe, with 369.9 million compromised user accounts. A total of 79.4 million unique emails were breached, indicating that the average British person has been affected by data breaches around five times.

And with 239.3 million passwords being leaked together with British accounts, nearly two-thirds of breached users were put in danger of account takeover that could lead to identity theft, extortion, or other cybercrimes.

The UK's biggest incident involved the leak of 32,272,135 billion unique British emails in an underground forum by a hacker known as Addka72424.

Meanwhile, 5,686,838 British emails were leaked after a Wattpad database containing 270 million records was offered for free on hacker forums, and 2,856,737 UK accounts were exposed when it was discovered that Gravatar could be abused for mass data collection of its profiles by web crawlers and bots.

Globally, there have been an astonishing 23 billion breached accounts since 2004. Around 7.7 billion of these have unique email addresses, meaning that a single email address has been breached around three times. For every 100 people, 94 unique email addresses and 281 accounts are breached.