Data breaches worldwide surged by 34% in the second quarter of 2025, jumping from 70 million to 94 million compromised accounts, according to cybersecurity firm Surfshark.
According to the report, the United States led the pack with 42.5 million compromised accounts in Q2 2025. France followed with 11.4 million, then India (1.7 million), Germany (1.3 million), and Israel (1.2 million).
When adjusted for population size, France topped the global breach density chart with 172 leaks per 1,000 residents, followed by Israel (130) and the US (123).
“Today’s digital age requires all of us to share more and more personal information to carry out daily tasks,” said Sarunas Sereika, Product Manager at Surfshark. “In the wrong hands, this data can be used to commit identity theft, for targeted scams, or sold on the dark web.”
Africa’s Breach Landscape
While this rise underscores a global spike in digital vulnerabilities, some countries in Africa are still battling persistent threats, despite temporary dips.
In Sub-Saharan Africa, Nigeria remains one of the most affected countries. Although the country recorded a sharp 73% drop in breach incidents, from 120,000 in Q1 to 31,800 in Q2, over 150,000 Nigerian accounts were still compromised in the first half of 2025 alone.
Surfshark’s data, which tracks breaches globally since 2004, ranks Nigeria third in the region, trailing only South Africa and Kenya. In total, over 23.3 million Nigerian accounts have been compromised over the last two decades.
What You Should Know
According to Surfshark, the exposure goes beyond mere account numbers. Of the 23.3 million breached Nigerian accounts, more than 13 million had their passwords leaked, placing 56% of those affected at high risk of identity theft, financial fraud, or impersonation attacks.
The report also found that 7.3 million unique Nigerian email addresses have been leaked across multiple breaches, often linked to phishing campaigns, third-party platform hacks, or unsecured cloud databases.
“Cyberthreats are constantly evolving, and attackers are adapting their tactics,” Surfshark states. “Strong security practices, frequent password updates, and enabling two-factor authentication remain essential for users and businesses alike.”
How the Breaches Were Tracked
Surfshark’s analysis is based on data from over 29,000 publicly available databases, which were aggregated and anonymised to ensure user privacy.
According to the report, each breach incident was assessed by counting email addresses as individual accounts. Some datasets included more sensitive information such as passwords, phone numbers, IP addresses, and physical locations.
The report intentionally excludes countries with populations below one million to maintain statistical significance, and aims to spotlight the rising threats to personal data, particularly in developing digital economies like Nigeria.
Experts Call
While Nigeria’s Q2 drop in breach volume may offer momentary relief, cybersecurity analysts warn that deeper, systemic vulnerabilities remain unresolved.
The overall breach numbers and long-term exposure, according to industry observers, suggest the infrastructure gaps remain wide open.
Experts call for a coordinated effort in cybersecurity education, investment in secure digital infrastructure, and enforcement of stricter data protection laws.
According to analysts, this suggests that while short-term improvements are encouraging, underlying systemic vulnerabilities remain largely unresolved.
Talking Points
The sharp 73% drop in data breaches in Nigeria between Q1 and Q2 2025 suggests that recent cybersecurity interventions may be taking effect, but experts warn that deeper systemic risks remain unresolved.
It’s troubling that over 150,000 Nigerian accounts were still compromised in just six months, highlighting how exposed users remain despite global advances in data protection.
At Techparley, we believe the Surfshark report is a timely wake-up call. As Nigeria pushes forward with digital transformation, it must prioritise cybersecurity infrastructure alongside connectivity and innovation.
Globally, the picture is even more alarming: with 94 million accounts breached in Q2 alone, including 42.5 million in the United States, the report underscores the urgency of a global rethink on data security and user education.
We see this as a critical moment for local and regional tech companies to step up, by integrating robust security measures into their platforms and educating their users about how to stay safe online.
In the age of hyper-digital engagement, user protection cannot be an afterthought. It must be built into every platform, policy, and process, starting now.
