Source: www.infosecurity-magazine.com – Author:
The number of publicly reported data compromises increased around 11% annually to reach 1732 for the first half of 2025, putting it on track to be a record-breaking year, according to the Identity Theft Resource Center (ITRC).
The non-profit tracked publicly reported breaches from across the country to compile its 2025 H1 Data Breach Report.
However, despite the headline rise in leaks and breaches from H1 2024, when the figure was 1567, the number of victims caught in these incidents was significantly lower.
ITRC said just 165.7 million notices had been sent out in the first half of 2025 – just 12% of the figure at this point in 2024. That’s due mainly to the absence of mega breaches last year, such as those stemming from the attack on Snowflake customers.
Read more on breaches: US Data Breach Victim Numbers Surge 1170% Annually
With nearly 72 million victims, the breach at PowerSchool easily tops the list of most damaging incident in H1 2025. The edtech provider admitted in May that it had paid its extorter a ransom in order to prevent them publishing stolen teacher and student data in the US and Canada.
A 19-year-old college student from Massachusetts subsequently pleaded guilty to the crime.
Perhaps unsurprisingly, cyber-attacks were the main cause of data breaches in the first half of the year, accounting for 1348 incidents (78%) and over 114 million victim notices (69%).
Supply chains attacks were responsible for 79 breaches, impacting 690 entities and over 78 million downstream victims.
Interestingly, the ITRC has also recorded 34 physical attacks which led to data breach or compromise – that’s more than we saw in the entirety of 2024.
ITRC president, James Lee, argued that the report outlines many of the same trends witnessed last year, including the repackaging of previously breached data by threat actors.
“That’s a serious risk for businesses since much of the data is logins and passwords, but it also means individuals need to take steps to protect themselves from identity fraud and scams,” he added.
Lee also called out the “troubling” trend of organizations failing to provide enough information to victims in their breach notices.
The number of data breach notices without information about the root cause of the attack jumped from 65% in H1 2024 to 69% in the first six months of 2025, a trend that has continued for the past five years.
This makes it harder for victims to understand how exposed they are to possible identity fraud risks and for researchers to draw conclusions about specific incidents.
Overall, financial services was the worst hit sector, accounting for 387 compromises. Next came healthcare (283) professional services (221), manufacturing (158) and education (105).
Original Post URL: https://www.infosecurity-magazine.com/news/us-data-breaches-record-year/
Category & Tags: –
Views: 2
