The Weekly Breach Breakdown Podcast: Step Into the Breach – Q3 2025 Data Breach Analysis - S6E31

Show Transcript

Welcome to the Identity Theft Resource Center's (ITRC’s) Weekly Breach Breakdown for October 10, 2025. I'm Alex Achten, Senior Director of Communications & Media Relations for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, we will examine our Q3 2025 data breach findings.

The last time we inspected the latest data breach trends was in our H1 2025 Data Breach Report. At that time, we were on pace to track a record number of compromises in 2025. Cyberattacks were the primary cause of data breaches where personal information was stolen. Sixty-nine (69) percent of data breach notices did not include information about the root cause of the attack. What changed in the third quarter of the year? The short answer? Not much. Let’s dive into the Q3 2025 data breach numbers.

In Q3 2025, the ITRC tracked 835 data compromises, resulting in just over 23 million victim notices. Through the first three quarters of the year, the ITRC has now tracked 2,563 compromises, leading to almost 202 million victim notices. 

While the number of victim notices remains a fraction of what it was in 2024 (due in part to fewer people being impacted by a small handful of mega breaches in 2024), the ITRC remains on pace to track a record number of compromises in 2025. We are approximately 640 compromises away from setting the record –the ITRC has not tracked fewer than 800 compromises in a quarter this year. 

Unfortunately, the increase in breach notices without attack vector details continues to increase as well. In Q1, 68 percent of notices did not include those details. The number rose to 69 percent in the H1 2025 Data Breach Report. In Q3, 71 percent of notices did not include those details. This troubling trend will continue to leave victims of these breaches vulnerable to identity theft, fraud and scams.

A few other Q3 2025 data breach highlights include:

• Of the 835 data compromises, 691 were cyberattacks, 46 were system and human error, 19 were physical attacks and 33 were supply chain attacks. 
• The ITRC has seen 53 physical attacks in 2025 year-to-date compared to only 33 physical attacks in all of 2024. This is a trend we will continue to monitor.
• The Financial Services industry was the most impacted in Q3, accounting for 188 compromises, followed by Healthcare, Professional Services, Manufacturing and Education. 

Let’s wrap up by taking a look at the top compromises by victim count in the quarter. TransUnion is at the top of the list, with more than 4.4 million victim notices issued due to their data event. This was a supply chain attack that did not result in credit information being exposed, according to the company. 

Other top Q3 2025 data breaches include:

• DaVita, Inc. (2.7 million victim notices)
• Anne Arundel Dermatology, P.A. (1.9 million victim notices)
• Radiology Associates of Richmond, Inc. (1.4 million victim notices)
• Absolute Dental Group, LLC (1.2 million victim notices)

To protect yourself from these data events, freeze your credit, whether you have received a victim notice or not. It is the single most impactful thing you can do to protect yourself. 

Also, exercise good cyber-hygiene by having unique 12+ character passphrases on each account (and switch to passkeys when offered). Use multi-factor authentication everywhere it is available to provide you with an added layer of security. If you are curious about whether you're practicing good cyber-hygiene, take our quiz! Visit www.idtheftcenter.org and click on the banner at the top of the website that reads, “Take Our Quiz.” 

The ITRC will continue to track the latest data breaches and trends and bring you the details in our monthly newsletter, In the Loop, and in our quarterly data breach newsletter. You can subscribe to them by visiting our website, www.idtheftcenter.org, and clicking on “Newsletter” under the “Resources” tab. We will release our 2025 Annual Data Breach Report in January 2026. 

If you want to know more about how to protect your business or personal information, Q3 2025 data breaches or think you have been the victim of identity theft, fraud or a scam, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts. We will return next week with another episode of the Weekly Breach Breakdown. I’m Alex Achten. Until then, thanks for listening.