- Cloudbrink pushes SASE boundaries with 300 Gbps data center throughput
- Download our CIO Pulse analytics ROI survey
- Uncompromised Ethernet: Performance and Benchmarking for AI/ML Fabric
- Your Roku TV is getting several free updates - including a big one for Roku City
- I changed 10 settings on my Pixel phone to instantly improve the user experience
US Data Breach Victim Count Surges 26% Annually
The number of individuals impacted by data breaches increased by 26% year-on-year (YoY) in the first three months of 2025, despite overall incident volumes remaining flat, according to the Identity Theft Resource Center (ITRC).
The non-profit records all publicly available information on corporate “data compromises” in the US – that is, data breaches, exposures and leaks.
It posted a total of 824 such events in Q1 2025, versus a slightly higher 841 a year ago. However, while there were 72.5 million victims in the first three months of 2024, the number had increased to over 91.3 million by the first quarter of 2025.
The vast majority (71.9 million) of these came from PowerSchool, a North American education software provider that suffered a ransomware breach which it notified customers about in January.
Read more on data breaches: Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack
Rumors circulated that it had paid a ransom to its extorters, with a spokesperson for the firm claiming at the time that it “believes the data has been deleted without any further replication or dissemination.”
The second largest breach in terms of victim count in Q1 2025 was DISA Global Solutions, a provider of background screening, including drug and alcohol tests. Its breach impacted more than 3.3 million people.
Overall in Q1, financial services was the most affected sector in terms of total number of incidents, followed by healthcare and professional services.
Cyber-attacks accounted for the majority of victims (90.4 million), followed by supply chain attacks (3.4 million) and system and human error (104,000). Some 6494 individuals were impacted by physical attacks that led to the exposure of their personal information.
“Unfortunately, we continue to see an increase in the number of data breach notices without attack vector details,” explained ITRC senior director, Alex Achten.
“In Q1, 68% of notices did not contain those details, up from 65% in 2024. Since 2018, the percentage of notices with actionable information has dropped from around 100% in 2018 to 32% in Q1 2025. The lack of actionable information leaves victims more vulnerable to an identity crime.”
