Most data breaches have unknown causes as transparency continues to fall

The Identity Theft Resource Center (ITRC) reports 1,732 publicly disclosed data breaches in H1 2025, marking a 5% increase over the same period in 2024. The ITRC could track a record number of compromises in 2025 if the current data breach trend continues through Q3 and Q4.

Data breaches show no signs of slowing in H1 2025

The number of victim notices in H1 2025 (165,745,452) represents only 12% of the victim notices issued by mid-year 2024. The decrease is due in part to fewer people being impacted by the small handful of mega breaches in 2025 compared to 2024. Cyberattacks were the primary cause of data breaches where personal information was stolen (1,348 incidents reported, leading to 114,582,621 victim notices).

The number of data breach notices without information about the root cause of the attack jumped from 65% in H1 2024 to 69% in the first six months of 2025, a data breach trend that has continued for nearly the last five years.

The financial services and healthcare industries continue to be the most targeted sectors, with 387 and 283 compromises, respectively. While the number of compromises in financial services is slightly down from H1 2024, the healthcare sector saw an increase in breach events.

“Through the first half of the year, we’ve seen a continuation, and in some cases, acceleration of the trends from 2024,” said James E. Lee, President of the Identity Theft Resource Center. “Some of these trends are troubling – like the lack of transparency surrounding what caused more than two-thirds of compromises.”

“We also saw the use of recycled information emerge,” Lee continued. “That’s a serious risk for businesses since much of the data is logins and passwords, but it also means individuals need to take steps to protect themselves from identity fraud and scams.”

Previously compromised data

Supply chain attacks have proven to be a significant and growing threat. In the first half of the year, 79 such breaches were reported, affecting 690 entities and compromising the data of 78,320,240 individuals. This highlights the cascading effect that a single vulnerability in a third-party vendor can have on a multitude of organizations and their customers.

The broader cybersecurity landscape in 2025 is marked by the continued rise of AI-powered phishing attacks, which are more sophisticated and harder to detect.

Also, the introduction repackaged and recirculated personal information, previously compromised data (PCD), into the risk environment represents a significant new threat to organizations that are vulnerable to the use of stolen logins and passwords to gain access to mission critical systems for ransom attacks and/or data exfiltration. The recent discovery of an unsecured cloud environment with more than 16 billion logins and passwords aggregated into a single database is an example of PCD.

PCD does not represent an increased risk to individuals, but rather a continuing risk of a variety of identity crimes, including fraud and scams.

The ITRC has already tracked more physical attacks in the first half of 2025 (34) than in the full year 2024 (33). Although smaller in absolute numbers, this data breach trend is worth monitoring.