Identity Theft Resource Center 2025 Annual Data Breach Report: Record Number of Data Compromises in 2025; 79 Percent Jump Over Five Years

The ITRC tracked 3,322 data compromises last year, according to the Center's 20^th annual data breach report

SAN DIEGO, Jan. 29, 2026 /PRNewswire/ -- Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization that supports victims of identity theft, fraud and scams, will release its 2025 Annual Data Breach Report, its 20^th edition, at today's Identity, Authentication and the Road Ahead Identity Policy Forum hosted by the Better Identity Coalition, the FIDO Alliance and the ITRC.

According to the 2025 Annual Data Breach Report, the number of data compromises in 2025 (3,322) increased by five percentage points compared to 2024 (3,152). The ITRC set a new record for the number of data compromises tracked in a year, up four percentage points from the previous all-time high in 2023 (3,202). It is also a 79 percent jump over five years.

The number of victim notices (278,827,933) decreased by 79 percentage points from 2024 (1,367,117,021). The massive decrease in victim notices is due to the lack of "mega-breaches" in 2025, unlike 2024. It is the lowest number of victim notices since 2014 and the lowest number since the last U.S. state and territories adopted data breach laws in 2018.

Download the ITRC's 2025 Annual Data Breach Report

According to the 2025 Annual Data Breach Report, 70 percent (2,324) of data breach notices did not include attack information, compared to 65 percent (2,049) in 2024 and 45 percent (1,449) in 2023. In 2020, nearly every organization that suffered a breach provided clear details on how it happened. This trend has worsened every year since 2020, leaving people and institutions unable to assess their own level of risk or take the necessary steps to protect themselves.

In 2025, the Financial Services industry was the most breached industry (739 compromises), followed by Healthcare (534 compromises), Professional Services (478 compromises), Manufacturing (299 compromises) and Education (188 compromises). The Professional Services industry saw the most significant growth in attacks, making them a common stepping stone to compromise their multiple clients.

"For two decades, the ITRC has been tracking public reports of data compromises," said James E. Lee, President of the Identity Theft Resource Center. "As we look back on those years, in particular the last five, we have noticed a move beyond an era of simple identity theft into a State of More. More attacks that are more precise, more automated and more difficult to detect. Consumers can take all of the right steps, businesses can have the best cybersecurity and still fall victim to criminals."

"Consumers must move from reacting to acting," Lee continued. "Freezing your credit and transitioning to passkeys are the foundational requirements for digital safety. Businesses should prioritize transparency over liability mitigation. This includes embracing Zero Trust security models, engaging in robust employee training, requiring enhanced identity verification for employees and customers, and recognizing that supply chain risk extends beyond direct vendors. Our continued success in reducing data breaches and victim impacts in the coming years will depend entirely on our willingness to work together."

Consumer Attitudes About Data Breach Notices

As part of the 20^th anniversary of the Data Breach Report, the ITRC asked 1,040 consumers if they had received a data breach notice in the past 12 months. The survey reveals that data breaches are a near-universal experience for consumers, with 80 percent of respondents having received a data breach notice in the last 12 months. Nearly 40 percent of people responding to the survey received three to five separate notices in the past year. Other findings from this survey in the 2025 Annual Data Breach Report include:

• Eighty-eight (88) percent of people who received a data breach notice experienced at least one negative consequence after a breach, including an increase in "phishing" or scam attempts (40 percent), an increase in spam emails or robocalls (49 percent) and attempted takeover of an existing account (40 percent).
• The impact of data breaches is significant, causing immediate anxiety (60 percent) and frustration (59 percent). The primary fear is immediate financial fraud (50 percent), a well-founded concern, as 54 percent of consumers reported an increase in targeted phishing attempts after a breach.

Consumers and victims can receive free support and guidance from a knowledgeable live advisor by calling or texting 888.400.5530 or visiting the ITRC's website, www.idtheftcenter.org, to live chat.

You can watch the ITRC's presentation on the 2025 Annual Data Breach Report here.

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live chat, idtheftcenter.org, and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.

SOURCE Identity Theft Resource Center