Data breaches continue to rise as cybercriminals find new ways to infiltrate organizations and trade stolen data on the dark web. While incidents targeting major companies often make headlines, many breaches remain undisclosed or unnoticed, making it difficult to understand the true scale of cyberattacks.
To help shed light on this hidden landscape, we launched the Data Breach Observatory in October 2025, a public tool that tracks breaches discovered on the dark web and reveals where stolen data is circulating.
Unlike many studies that rely on voluntary disclosures from affected companies, the Observatory analyzes datasets that appear where cybercriminals actually trade stolen information, helping uncover breaches that might otherwise remain hidden.
Today we’re publishing an update to the Data Breach Observatory, revealing several newly identified breaches and highlighting patterns across industries and organizations.
See the latest breaches in the observatory
What the latest data reveals
Since the beginning of 2025, Proton’s Data Breach Observatory has identified 512 breaches exposing more than 902 million records.
A closer look at the breaches reported in the Observatory reveals clear trends across industries and organizations.
Retail continues to be the most targeted sector, representing 25% of breached companies, followed by technology (12%) and media/entertainment (11%).
Another key takeaway is that smaller organizations are not just frequently breached, but are also disproportionately affected by the largest and most damaging incidents, often involving sensitive personal and authentication data.
Small businesses are hit most often — and hardest
Small- and medium-sized businesses (SMBs), defined as organizations with 1–249 employees, continue to be the most common victims of data breaches. They account for 63% of breaches tracked since January 2025, representing more than 352 million leaked records.
But SMBs are not only breached more often. They are also more likely to suffer the most damaging incidents. Breaches classified as critical, meaning they expose highly sensitive information such as authentication data, personal identifiers, or financial details, disproportionately affect smaller organizations. SMBs account for 61% of breaches involving high-risk data, with small businesses (1–49 employees) alone representing 48% of these critical incidents.
Read our SMB Cybersecurity Report 2026
The same pattern appears in large-scale breaches. Among incidents exposing more than 100,000 records, SMBs account for 60%, with small businesses representing 42% of these large breaches.
Taken together, these findings show that smaller organizations are not only the most frequent victims of cyberattacks, but also the ones most likely to experience the most severe breaches.
The rise of ‘vishing’ campaigns
Another trend revealed in this update is the scale of voice phishing (vishing) campaigns(nouvelle fenêtre), including one carried out by the cybercriminal group ShinyHunters in early 2026.
The campaign targeted several major technology companies and led to multiple large breaches, including incidents affecting Bumble, Match Group, and SoundCloud. In total, these attacks exposed tens of millions of records, illustrating how coordinated phishing campaigns can quickly escalate into large-scale data breaches.
Contact information and passwords are among the most exposed data
Analysis of the leaked datasets shows that certain types of information appear far more frequently in breaches.
Names and email addresses appear in nearly 9 out of 10 breaches, making them the most commonly exposed data points. Contact information, such as phone numbers and physical addresses, appears in 75% of breaches, while passwords are exposed in 47%.
In 42% of incidents, attackers obtained both a person’s name and physical address, combinations that can be particularly useful for identity theft and targeted scams.
Highly sensitive personal data such as government-issued IDs, health records, and other personal identifiers appears in 37% of breaches, while financial information is exposed in about 5% of incidents.
Why uncovering dark web breaches matters
In 2026 alone, dozens of breaches have already exposed nearly 100 million records. While large companies often dominate headlines, the data shows that SMBs are the most frequently affected, highlighting the importance of bringing greater visibility to underreported incidents and helping organizations better understand the risks they face.
The Data Breach Observatory allows you to explore breaches discovered on the dark web and analyze patterns across industries, company sizes, and data types. You can search breaches by:
- Breach date
- Breach size (number of records exposed)
- Type and sensitivity of compromised data
- Company name, country, and industry
- Organization size
Explore the Data Breach Observatory
Protect your business from data breaches
Data breaches can have serious consequences for organizations of any size. The average breach costs businesses $4.88 million in financial losses and regulatory fines. For smaller organizations, the financial impact can reach hundreds of thousands of dollars — a cost that can put many companies at risk of shutting down.
Preventing breaches often begins with understanding how attackers operate. Many cyberattacks target employees through techniques such as phishing, pretexting, and spear phishing, where attackers impersonate coworkers, executives, or service providers to trick people into revealing login credentials or sensitive information.
Strengthening basic security practices can significantly reduce these risks. Organizations should ensure two-factor authentication is enabled across accounts, enforce strong password policies, and equip employees with the tools and training needed to protect their credentials.
By combining stronger security practices with greater visibility into emerging threats, organizations can better protect themselves against the growing risk of data breaches.
