Data Breach Risks Highlighted as Identity Theft Surges, Experts Warn A recent report underscores the growing threat of identity theft following data breaches, even when stolen information hasn’t yet been exploited. James Lee, president of the Identity Theft Resource Center (ITRC), warns that many victims remain unaware of breaches until fraudulent activity such as unauthorized unemployment, housing, or food assistance claims disrupts their lives. The ITRC advises immediate action if suspicious charges appear, regardless of the amount. Consumers should monitor credit reports, dispute errors with credit bureaus, and act swiftly to mitigate further damage. However, Lee cautions against trusting unsolicited communications offering breach assistance, as scammers often exploit victims through fraudulent calls, emails, or texts. For those affected, the ITRC provides free resources through its Victim Help Center at [idtheftcenter.org](https://idtheftcenter.org), emphasizing that support is available to navigate the aftermath of a breach. The incident highlights the long-term risks of exposed data and the importance of vigilance in detecting fraud early.

Record-Breaking Data Breaches in 2025 Highlight Growing Cybersecurity Challenges In 2025, data breaches and compromises surged to an all-time high, with 3,322 publicly reported incidents a staggering increase from just over 100 in 2005 according to the Identity Theft Resource Center (ITRC) in its 20th annual report. The findings underscore the escalating threat landscape, driven in part by AI-fueled attacks and persistent vulnerabilities in corporate security practices. The report revealed that 81% of small businesses experienced a cyberattack, data breach, or both in the past year, with nearly 40% raising prices to offset recovery costs. However, the most concerning trend was the lack of transparency in breach notifications. Many companies failed to provide critical details, such as how the breach occurred, what data was exposed, or steps being taken to prevent future incidents. Despite these shortcomings, the ITRC noted a shift in consumer behavior: 100% of recipients read breach notices, and many proactively sought information on potential risks. The report highlights the financial and operational toll of breaches on businesses while raising questions about accountability in breach disclosures.

Data Breaches Hit Record Highs in 2025, Leaving Consumers Overwhelmed and Vulnerable A new report from the Identity Theft Resource Center (ITRC) reveals that data breaches have become an inescapable reality for most Americans, with 80% of adults receiving at least one breach notification in the past year nearly 40% reporting three to five. The Data Breach 2025 Report highlights a surge in cyberattacks, with 3,322 breaches recorded in the U.S. in 2024, a 5% increase from the previous year. The actual number is likely higher, as some incidents go unreported due to gaps in disclosure laws. The fallout extends beyond mere inconvenience. Stolen personal data Social Security numbers, credit card details, and other sensitive information fuels increasingly sophisticated phishing scams, account takeovers, and financial fraud. Many victims report heightened anxiety, with 46% feeling powerless to protect themselves, a phenomenon the ITRC describes as "breach fatigue." While some take proactive steps like changing passwords or freezing credit, others dismiss notifications as scams or assume no action will make a difference. Transparency remains a critical issue. Only 30% of breach notices in 2024 included details on the cause or the specific data compromised, leaving consumers ill-equipped to defend against targeted attacks. The ITRC advocates for stronger regulations requiring clear, non-technical explanations of breaches and a full inventory of exposed data. The report underscores a growing threat landscape where criminals exploit stolen information to craft convincing fraud attempts, making vigilance essential. Yet without consistent disclosure standards, even basic precautions like monitoring accounts or verifying breach notices become harder for individuals to navigate. The trend shows no signs of slowing, with identity misuse expected to rise as attackers refine their tactics.

Supply Chain Cyberattacks in the U.S. Surge from 2021 to 2025, New Data Reveals A recent report from the Identity Theft Resource Center (ITRC), published on January 23, 2026, highlights a sharp rise in supply chain cyberattacks impacting U.S. entities between 2021 and 2025. The data, compiled by Statista, tracks the annual number of organizations affected by these attacks, underscoring the growing threat to third-party vendors and interconnected digital ecosystems. While the full dataset requires a premium Statista account, the findings reflect a broader trend: supply chain attacks have become a preferred vector for cybercriminals, exploiting vulnerabilities in software providers, service vendors, and other trusted partners to compromise multiple downstream targets. The ITRC’s analysis suggests that as reliance on third-party solutions increases, so does the attack surface for organizations across sectors from healthcare and finance to technology and logistics. The report serves as a benchmark for assessing the scale of supply chain risks, though specific figures on the number of impacted entities remain restricted to paid subscribers. The data was last accessed on March 23, 2026, and is part of Statista’s broader repository of cybersecurity and threat intelligence metrics.

Small Businesses Face Rising Cybersecurity Threats, Report Finds Small businesses are increasingly adopting cloud computing, AI, and digital tools to boost efficiency and competitiveness, but these advancements come with heightened cybersecurity risks. According to the Identity Theft Resource Center (ITRC) 2025 Business Impact Report, released in December, 81% of U.S. small businesses experienced a cybersecurity breach or data breach in the past year, with over half reporting financial losses between $250,000 and $1 million. For small businesses operating on tight margins, such incidents can be devastating. Nearly 40% of affected companies were forced to raise prices to offset financial damages, underscoring the severe impact of cyber threats on operations and profitability. The ITRC report highlights the disproportionate vulnerability of small businesses, which often lack the robust security infrastructure of larger enterprises. Common attack vectors include weak passwords, outdated software, and human error factors that can be mitigated with proactive measures. While the report outlines seven key cybersecurity practices such as enforcing multi-factor authentication (MFA), regular employee training, and secure data backups it emphasizes that preventive steps are far less costly than recovery efforts. Without adequate safeguards, small businesses risk not only financial losses but also reputational damage and long-term operational disruptions.

In the first half of 2025, the Identity Theft Resource Center (ITRC) reported a catastrophic data breach wave affecting over 165 million people in the U.S. alone, marking an unprecedented surge in mass-scale personal data exposure. The breaches predominantly involved leaks of sensitive personal information—including names, Social Security numbers, financial records, email addresses, physical addresses, passwords, and hashed credentials—from major international corporations. The fallout triggered a secondary epidemic of identity theft, credit card fraud, and phishing scams, as cybercriminals exploited the exposed data for financial gain. The ITRC’s report underscored systemic vulnerabilities in data protection frameworks, with breaches occurring at a near-daily frequency, eroding public trust in digital security. While the article highlights mitigative measures like VPNs and fraud alerts (e.g., Surfshark’s tools), the core issue remains the uncontrolled dissemination of personal data across dark web markets and scammer networks. The breach’s ripple effects extended beyond immediate financial losses, fostering long-term risks of sustained identity fraud, reputational damage to affected companies, and regulatory scrutiny. The scale and persistence of these incidents suggest a failure in proactive cybersecurity defenses, leaving millions exposed to ongoing exploitation.

Cybercriminals Shift Tactics as Mega-Breaches Decline, AI Exploitation Rises A new report from the Identity Theft Resource Center (ITRC) reveals a concerning evolution in cyberattacks, despite a sharp drop in victim notifications. While breach alerts fell from 1.36 billion in 2024 to 279 million in 2025, researchers warn this decline does not reflect fewer attacks. Instead, hackers are abandoning large-scale "mega-breaches" in favor of smaller, more targeted, and harder-to-detect intrusions. The ITRC Data Breach Report highlights a key trend: artificial intelligence (AI) is being weaponized to exploit previously compromised data, enabling attackers to refine their methods with greater precision and automation. Though ransomware attacks have decreased for the second consecutive year, the shift toward AI-driven threats poses new risks for individuals and organizations. The financial and psychological toll of identity theft remains severe. Among victims who contacted the ITRC, one in five reported losses exceeding $100,000, while 67% admitted to considering self-harm after experiencing fraud. The report underscores the need for adaptive defenses, though specific countermeasures were noted in the original analysis. The findings reflect a broader industry trend cybercriminals are prioritizing stealth and efficiency over mass exposure, making detection and mitigation increasingly challenging.

U.S. Data Breaches Reach Record High in 2025 Amid Declining Transparency The Identity Theft Resource Center (ITRC) reported a record 3,322 data compromises in the U.S. in 2025 the highest number ever tracked. However, only 30% of breach notices provided actionable details, a sharp decline from previous years when nearly all disclosures included critical information. ITRC President James Lee warned that this lack of transparency increases risks for individuals and businesses, particularly as cybercriminals leverage AI-driven attacks and repurposed breach data. The report highlights growing concerns over inconsistent state laws, legal risks, and corporate liability fears, which have led many organizations to withhold key details. AI-powered threats, supply chain vulnerabilities, and the reuse of stolen data in new attacks further complicate the landscape. Lee emphasized that all organizations, regardless of size, remain prime targets, with identity crimes often serving as a gateway to larger breaches. In an interview with Information Security Media Group, Lee discussed the rising trend of attackers exploiting previously compromised data, the vulnerabilities created by opaque breach disclosures, and the need for stronger federal regulations and minimum cybersecurity standards. The ITRC’s findings underscore the urgency of improved transparency and proactive defenses in an evolving threat environment.