The number of data breaches rises every year as hackers find new ways to break into businesses, stealing valuable information, siphoning funds, or holding their data for ransom.
Only the biggest breaches make the news. Most go unnoticed, concealing the scale of the ongoing cyberattacks. The silent crisis prevents us from gaining a clear understanding of who or what is being targeted. Crucially, it has caused businesses to greatly underestimate the risks they face.
To empower business leaders with real-time intelligence, we’re launching the world’s first Data Breach Observatory. This free, public-facing hub will show you exactly where data is leaking onto the dark web, shining a light on the state of global cybersecurity and helping organizations understand emerging risks.
The Data Breach Observatory is built and maintained by the Proton abuse team and draws from verified data from some of the same intelligence sources(nouvelle fenêtre) that enable our Dark Web Monitoring service. Instead of relying on self-reporting, which doesn’t create an accurate representation of the data breach landscape, we’ve gone to the source — the dark web — where cybercriminals go to trade information and resources.
What we’ve learned so far
Investigating data breaches that took place in 2025, we’ve been able to pinpoint who hackers are targeting and what they’re looking for.
Retail is the most targeted sector
The Data Breach Observatory was able to verify 794 breaches from identifiable sources, with more than 300 million records exposed. The most targeted sectors identified were retail (25.3%), technology (15%), and media/entertainment (10.7%). When we understand which industries are most attractive to hackers, we can start to understand their motives more clearly, anticipating what they’re looking for and what to protect within businesses.
SMBs are hackers’ top target
Small- and medium-sized businesses (companies with 1–249 employees) accounted for 70.5% of the breaches reported. Larger companies (250–999 employees) accounted for 13.5% of data breaches, and enterprise organizations of more than 1,000+ employees accounted for the remaining 15.9%. SMBs are perfect targets for hackers, because while they might offer a smaller payday than an enterprise organization, they’re much easier to breach because they have fewer security protections in place.
Names and contact info are most leaked
Any information is valuable for criminals, especially information that helps them creating phishing scams or force unauthorized entry into a business network. Names and emails appear in 9 out of 10 breaches, making them the easiest pieces of information for hackers to find. Seventy-two percent of data breaches contained contact data, such as phone numbers or addresses, with 49% also including passwords. Sensitive data, such as government IDs, health records, and other personally identifiable information, was found in 34% of data breaches overall.
Knowledge is power
Many breaches go unreported or even undetected — without dark web monitoring, you might not even know you’ve been hacked. In some cases, businesses may not be required by law to disclose incidents, and the fear of reputational damage may discourage them from doing so.
Tracking business data breaches is one of the most effective ways to understand and prevent future breaches. The Data Breach Observatory raises awareness about just how common data breaches really are, tracking major dark web leaks and identifying exposure patterns by industry and company size. Instead of relying on a biased sample of self-reported breaches, we can take a realistic look at the data breach landscape and assess the actual threats.
The Data Breach Observatory allows you to search breaches by:
- Breach date
- Breach size (number of records)
- Type and sensitivity of data compromised
- Country
- Company name
- Industry
- Company size
You can use the tool to investigate exactly how businesses like yours are being affected, and make a plan to strengthen your cybersecurity measures accordingly.
Protect your business from data breaches
The average data breach costs businesses $4.88 million in financial losses and regulatory fines. For small businesses, the damage from a breach can run into the hundreds of thousands. That could be a death blow to many small businesses.
What’s the best way to prevent a data breach? Start by thinking like a hacker.
Cybercriminals know that humans are often the weakest link in a business’s security. Attacks such as phishing, pretexting, and spear phishing target employees by posing as a coworker, a C-level executive, or service providers, encouraging them to disclose their login credentials, share sensitive information, or make payments.
Make sure two-factor authentication is enabled through your business, and that your team has a strong password policy as well as the tools they need to protect their accounts. A future without data breaches starts with arming your organization with the right information: you can learn more about cybersecurity by checking out our free security guide for small businesses or getting in contact with our team to find out more about which tools could be useful for your business.
