- A new Proton study reveals that 71% of data breaches affect companies with fewer than 250 employees.
- Results come from its new Proton Data Breach observatory
- Hundreds of billions of compiled documents have already been impacted so far in 2025
A new study from Proton has identified nearly 800 verified data breaches in 2025 so far, resulting in the disclosure of more than 300 million individual records.
Its data suggests that more than 1,500 breaches affected businesses in 2025 if compilations are included, with hundreds of billions of records compromised. Unfortunately, those who can least afford violations are small businesses, but they are the most targeted.
Companies with 10-49 employees and 50-249 employees accounted for 48% of breach incidents, and companies with fewer than 10 employees accounted for another 23%, meaning the vast majority of incidents (71%) involved companies with fewer than 250 employees.
Retail in danger
Unsurprisingly, especially for UK readers, retail and wholesale traders are the most frequently targeted sector, accounting for just over 25% of breaches. The year 2025 saw a series of high-profile cyberattacks on UK retailers, with the attack on Coop and M&S costing around £300 million to recover.
The most commonly compromised form of personally identifiable information is email addresses – the basic information that most sites collect when users sign up – which are in 100% of exposures.
Likewise, names (90%) and contact information such as phone numbers (72%) are also common items. Less frequently but more seriously, passwords appear in 49% of incidents, and sensitive information such as medical or government records appear in 34% of breaches.
The findings were discovered following the launch of Proton’s Data Breach Observatory, a resource that monitors and reports breaches and cyberattacks based on Dark Web data.
While the numbers don’t seem huge, the “hundreds of billions” of exposed documents indicate that almost all of us have had our information compromised – most of us multiple times.
The main danger of these breaches is the risk of identity theft, as criminals will use your information to take out loans or credit cards.
We always advise vigilance and continued monitoring of accounts and bank statements to ensure nothing is overstepping. You can also check if your information has been included in breaches using the Have I Been Pwned notification site, so you can use it to assess your exposure.
The best identity theft protection for every budget
