Record Surge in US Data Breaches and Identity Attacks Driven by Stolen Credentials
Data breaches in the United States have reached alarming levels in 2025, with 835 incidents reported in the third quarter alone, affecting 23 million individuals. Despite a slight downturn in Q3, the total number of breaches for the year has already reached 2,563, impacting nearly 202 million victims, according to the Identity Theft Resource Center. The majority of these compromises—83%—were caused by cyberattacks, while physical attacks have also increased, with 53 incidents reported so far, surpassing the total for the previous year. Major organizations affected include Anne Arundel Dermatology, DaVita, Radiology Associates of Richmond, TransUnion, and Absolute Dental Group, each sending millions of breach notifications to affected individuals. The financial sector has been particularly hard hit, experiencing 188 breaches, making it the most impacted industry. A significant concern highlighted by the ITRC is that 71% of breach notifications lacked details about the attack vectors, which complicates efforts to mitigate identity theft and fraud. Microsoft’s 2025 Digital Defense Report corroborates the trend, noting a 32% surge in identity-based attacks in the first half of the year, with over 97% of these attacks leveraging stolen passwords. Hackers are increasingly using credential leaks, infostealer malware, and social engineering tactics such as help desk scams to obtain access to sensitive accounts. The Scattered Spider group has been linked to several high-profile attacks using these methods. Microsoft has also played a role in disrupting infostealer operations, notably taking down the Lumma Stealer infrastructure, though new variants continue to emerge. The prevalence of password-based attacks underscores the need for stronger authentication measures and better user education. The lack of transparency in breach notifications further exacerbates the risk, as individuals and organizations are left without critical information to protect themselves. The rise in both cyber and physical attacks demonstrates the evolving threat landscape facing US organizations. The healthcare and financial sectors remain prime targets due to the sensitive data they hold. Experts warn that unless organizations improve their security posture and reporting practices, the US is on track for another record-breaking year in data breaches. The combination of sophisticated attack techniques and inadequate breach disclosures increases the risk of widespread identity theft and financial fraud. Security professionals are urged to prioritize credential protection, implement multi-factor authentication, and ensure timely, detailed breach notifications to mitigate the growing threat.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
U.S. remains on pace for a record breach year in 2025
By the time of the Q3 2025 reporting, the U.S. had logged 2,563 breaches and nearly 202 million victims for the year so far, putting it on track for a record year. Major organizations named as impacted included Anne Arundel Dermatology, DaVita, Radiology Associates of Richmond, TransUnion, and Absolute Dental Group.
Microsoft publishes Digital Defense Report 2025 on identity and ransomware trends
Microsoft publicly released its Digital Defense Report 2025, highlighting the surge in identity attacks, the dominance of password-based account takeovers, and ongoing disruption efforts against Lumma Stealer infrastructure. The report also referenced high-profile IT help-desk scam activity associated with English-speaking criminals linked to Scattered Spider.
U.S. records 835 data breaches and 23 million victims in Q3 2025
The Identity Theft Resource Center said the United States experienced 835 data breaches in the third quarter of 2025, affecting 23 million victims. Cyberattacks accounted for 83% of compromises, the financial sector saw 188 incidents, and 71% of breach notices did not explain how the attacks occurred.
Microsoft documents 2024–2025 ransomware and intrusion trends in defense report
In its Digital Defense Report 2025, covering July 2024 through June 2025, Microsoft said IT companies and national and local government bodies were the most targeted sectors. The report also noted exploitation of vulnerabilities including CVE-2024-50623 affecting Cleo, found ransomware objectives in 19% of investigated cases where objectives were known, and described attackers switching ransomware strains and abusing broad antivirus exclusions to evade detection.
Identity attacks rise 32% in the first half of 2025, led by password abuse
Microsoft reported that identity-based attacks increased by 32% in the first half of 2025. More than 97% of observed identity attacks involved passwords, driven largely by large-scale password guessing using leaked credentials, along with infostealer malware and help-desk social engineering.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
U.S. Data Compromises Reach Record Levels as Mega-Breach Counts Fluctuate
The **Identity Theft Resource Center (ITRC)** reported that U.S. data compromises (breaches, leaks, and accidental exposures) reached a new record in 2025, rising **4%** year-over-year to **3,332** incidents—an increase of **79%** over five years and the third consecutive year exceeding 3,000 events. Despite the higher incident count, the number of affected individuals fell sharply to **278.8 million** (down from **1.36 billion** in 2024), which was attributed to the relative absence of **“mega breaches”** that have driven outsized victim totals in prior years. Consumer impact indicators remained negative: an ITRC poll cited widespread breach-notice exposure (most respondents receiving at least one notice) and reported downstream harms including **account takeover** and increased **phishing/spam**, alongside “breach fatigue” reducing follow-on protective actions. Separately, *Hackmageddon* continued its annual tracking of **mega breaches** (defined as incidents involving **>1 million records**) for 2026, reinforcing that large-scale events are monitored as a distinct category that can disproportionately influence annual victim counts even when overall incident volume trends upward.
Mar 21, 2026
Major Data Breaches and Attack Trends in 2025
The year 2025 saw a significant escalation in the scale and sophistication of data breaches worldwide, with attackers leveraging advanced tools such as AI-driven phishing, deepfakes, and automated intrusions. High-profile incidents included the compromise of billions of credentials from tech giants, targeted attacks on airlines and telecoms, and the exposure of sensitive customer data from major insurance companies like Aflac. Attack vectors evolved, with phishing, social engineering, supply-chain breaches, and cloud misconfigurations becoming increasingly prevalent. The financial impact of these breaches was substantial, with average costs per incident rising and global cybercrime losses projected to exceed $10 trillion. Notably, the Aflac breach in June 2025 exposed personal and health data of over 22 million individuals, attributed to the Scattered Spider group, prompting the company to enhance security measures and offer extended identity protection services to affected parties. Industry analysis highlighted the dual use of AI by both attackers and defenders, the growing threat of supply-chain and cloud-based attacks, and the persistent challenge of credential theft. The insurance sector, in particular, faced coordinated campaigns, with similar breaches reported at other firms. Organizations responded by resetting credentials, increasing monitoring, and providing support to victims, while regulatory scrutiny and legal actions intensified. The events of 2025 underscored the urgent need for robust security practices, rapid incident response, and proactive threat intelligence to mitigate the evolving risks posed by increasingly resourceful adversaries.
Mar 21, 2026
Microsoft Reports Surge in Identity-Based Attacks Driven by Infostealers
Microsoft has reported a significant increase in identity-based cyberattacks, with a 32% rise in such incidents during the first half of 2025. The company’s annual threat assessment highlights a shift in attacker tactics, with hackers increasingly using stolen credentials obtained through infostealers or from large-scale data breaches to gain initial access to systems. Malware families such as Lumma Stealer, RedLine, Vidar, Atomic Stealer, and Raccoon Stealer, traditionally used after initial compromise, are now being deployed as first-stage payloads, making credential theft a foundational component of modern cybercrime campaigns. This evolution in attack methodology has led to greater specialization within the cybercrime ecosystem, with distinct roles for initial access brokers, credential sellers, and ransomware operators who leverage stolen credentials for extortion. Microsoft also noted its collaboration with federal authorities to disrupt infostealer infrastructure, such as the Lumma Stealer network, though threat actors have demonstrated resilience by quickly reestablishing operations. The report underscores the growing threat posed by identity compromise and the need for organizations to strengthen credential management and detection capabilities.
Mar 21, 2026