The Weekly Breach Breakdown: ITRC H1 2025 Data Breach Analysis – Key Findings & Takeaways – S6E22

Show Transcript

Welcome back to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown, supported by Sentilink. I’m James E. Lee, the ITRC’s President, and this is the episode for July 18, 2025. Each week, we take a look at the latest news and trends related to data security and privacy. This week, the ITRC released our H1 2025 Data Breach Analysis that looks at what happened in the first six months of 2025 when it comes to U.S. data compromises. Let’s talk about the trends, but first, some housekeeping with some numbers: 

A total of 1,732 data compromises were reported in the first half of 2025, resulting in a little more than 165.7 million breach notices. That’s about five percent ahead of where we were at this time last year in terms of compromises. It’s also more reported compromises than at the halfway point in 2023, when we set the current high-water mark for data compromises.  

However, the number of victim notices through June is only 12 percent of the total for 2024. That’s due to the fact that we haven’t seen the same level of mega-breaches affecting hundreds of millions of people that we saw last year. 

Also, financial services and healthcare continued to be the most targeted industries. The number of compromises in financial services was down slightly from 2024. However, the healthcare sector saw an increase in breach events compared to the same period last year. 

The data in the H1 2025 Data Breach Analysis indicates that the trends observed in 2023 and 2024 are largely holding steady, or in some cases, accelerating. 

• Cyberattacks remain the root cause of the overwhelming majority of data breaches. Seventy-eight (78) percent of compromises were true data breaches, resulting in 69 percent of the breach notices issued in the first half of 2025.  
• The Supply Chain was a critical weakness through June. While only about one-half of one percent of all compromises, they represent nearly 50 percent of the breach notices sent to individuals whose data was breached at almost 700 companies.  
• The lack of detail in breach notifications continued to grow in the first six months of this year. Sixty-nine (69) percent of 2025’s breach notices did not include an attack vector, up from 65 percent for the full year 2024. This increasing lack of transparency hinders a full understanding of the threat landscape and makes it difficult for individuals and other organizations to protect themselves from similar attacks. 

The trend that emerged in H1 popped up late in the second quarter. It appears to be linked, at least in part, to the increased use of artificial intelligence (AI). We’re calling this new category of data event the cleverly named Previously Compromised Data (PCD), because it involves the repackaging and recirculation of specific personal information that has been previously reported as stolen or exposed, usually including logins and passwords. 

The best example in the H1 2025 Data Breach Analysis is a cloud database discovered in June with no security, containing more than 16 billion logins and passwords aggregated into a single database. Who created it and how it was used before it was shut down is not known. 

However, this is not a hair-on-fire moment. The information appears to be old data that has been analyzed and sorted using AI, but it does not represent a new risk. Instead, PCD is a continuing risk of a variety of identity crimes, including fraud and scams launched against people and organizations. In this case, the best defense is good old-fashioned password hygiene technique – always use a unique password on each account you have. 

There is much more insight and information in the full H1 2025 Data Breach Analysis, which you can download from our website at www.idtheftcenter.org/reports. The report includes tips on how to protect yourself and organizations before and after a data breach. 

If you are the victim of identity theft, fraud or a scam, speak with an expert ITRC advisor on the phone, via text message, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.  

Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts.   

Next week, check out our sister podcast, the Fraudian Slip, when we discuss the impact of AI on identity theft, fraud and scams. We will return in two weeks with another episode of the Weekly Breach Breakdown. Until then, thanks for listening.