Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for January 9, 2026. Happy New Year! We are excited to be back for Season 7 of this podcast. I'm Alex Achten, Vice President of Media Relations for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. I may have a new title this year, but the content on the Weekly Breach Breakdown remains the same. Each week, we look at the most recent events and trends related to data security and privacy. Today, we are going to take a look back at some of the cybersecurity 2025 headlines and then take the advice of rock band, “Boston” in their 1978 album – Don’t Look Back!
Show Notes
Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/
Follow on Twitter: twitter.com/IDTheftCenter
Show Transcript
Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for January 9, 2026. Happy New Year! We are excited to be back for Season 7 of this podcast. I'm Alex Achten, Vice President of Media Relations for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. I may have a new title this year, but the content on the Weekly Breach Breakdown remains the same. Each week, we look at the most recent events and trends related to data security and privacy. Today, we are going to take a look back at some of the cybersecurity 2025 headlines and then take the advice of rock band, “Boston” in their 1978 album – Don’t Look Back!
You will be shocked at the top cybersecurity 2025 headline. Any guesses? If you guessed artificial intelligence (AI), you are correct. AI was an emerging concern in January 2025. By December, it was infrastructure. According to CISO Series, in early 2025, their stories focused on theoretical risks and proof-of-concept attacks. By the halfway mark, it was incidents involving AI systems being compromised or used in attacks. Fast forward to the end of the year, and they were covering entire large-scale autonomous threat campaigns done with Anthropic’s Claude AI engine.
One of the ITRC’s 2025 predictions was that the cybercrime job market would boom. We predicted that professional cybercriminal organizations would take advantage of AI and the lack of enforceable cybersecurity standards in the U.S. Unfortunately, we were right, and it was not even a big stretch.
Another headline was the real-world pain that was felt. Several municipal governments limited their operations following cyberattacks. CISO Series reports that attacks disrupted manufacturing, impacting everything from beer to cars, and took production offline for weeks. Consumers also saw real consequences from cyberattacks.
According to the ITRC’s 2025 Business Impact Report, for the first time, 38.3 percent of small business leaders reported they “raised prices” to address the financial impacts of an incident, creating a hidden “cyber tax” that helped fuel inflation. The emotional impacts were also felt on consumers. Last year, we surveyed victims who contacted the ITRC separately and general consumers who were victims of identity crimes. Approximately 25 percent of the total number of general consumer respondents answered “Yes” when asked if they had “seriously considered self-harm as a way of dealing with your identity theft, fraud or scam.” When considering only those who self-identified as a victim, 67.8 percent responded “Yes.”
The third cybersecurity 2025 headline was the geopolitical escalation. The nation-state story of 2025 wasn’t any single campaign—it was the sheer volume. CISO Series saw:
- More aggressive targeting of critical infrastructure,
- expanded targeting beyond traditional espionage goals,
- attribution accelerating and becoming more politically charged, and
- a lower barrier to entry for less sophisticated states.
What is in store for this year, you ask? Well, buckle up for a lot more of the same. AI-social engineering could drive a surge in hyper-personalized identity theft, as well as hurt victim support with the shift to answer engines. AI could also introduce new autonomous cyber threats and defenses. The regulatory landscape for AI and data privacy could become a complex global patchwork. These are just a few of the ITRC’s predictions for 2026. To read the comprehensive list, click here.
Regardless of what happened in 2025 and what might happen in 2026, at the ITRC, we will not look back. We are focused on what is in store and on how best to serve victims of identity theft, fraud and scams.
One trend we saw in 2025 that is likely to be a headline in early 2026 is the scale and scope of data breaches. We will have more on that when we release our 2025 Annual Data Breach Report on Thursday, January 29, at the Identity, Authentication, and the Road Ahead Identity Policy forum, hosted by the Better Identity Coalition, the FIDO Alliance and the ITRC.
If you want to know more about how to protect your business or personal information or think you have been the victim of identity theft, fraud or a scam, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.
Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts.
We will return next week with another episode of the Weekly Breach Breakdown. I’m Alex Achten. Until then, thanks for listening.
