10% More Data Breaches Reported But With Lower Victim Count

August 3, 2025HIPAA News0

According to Identity Theft Resource Center (ITRC), 2025 will likely be another record-breaking year in terms of data breaches. The ITRC H1 2025 Data Breach Report indicates that reported data breaches increased by 11% year-over-year. ITRC tracked 1,732 data compromises from January 1, 2025, to June 30, 2025, which is already 54.9% of 2024’s full-year total.

More data breaches were reported in H1, mostly because of cyberattacks. The cyberattacks resulted in 1,348 incidents or 77.83% of all reported data breaches in H1, with 114,582,621 individuals’ personal data compromised. Phishing/smishing/BEC attacks resulted in 251 confirmed data breaches, while ransomware attacks resulted in 73 confirmed data breaches. The number of ransomware attacks is likely higher since ransomware is not always mentioned in breach notifications. System or human error caused 129 data breaches that impacted over 6 million individuals.

A total of 165,745,452 individuals were affected by data breaches in H1 2025. Although that number is high, it is not at the same level as mega data breaches as in 2024.

ITRC identified the increasing threat of supply chain attacks. Cybercriminals attack supply chains because they can attack other companies by targeting one vendor. ITRC reported 79 supply chain attacks in H1 2025, affecting 690 entities and compromising 78,320,240 individuals’ data. AI-powered phishing attacks also increased. Attackers use generative AI platforms to create advanced phishing campaigns, which are more difficult to detect.

Three of the top five data breaches reported in H1 2025 involved HIPAA-covered healthcare entities, taking positions 3-5. The top 1 and 2 data breaches were the PowerSchool breach that impacted 71.9 million individuals and the AT&T data breach that impacted 44 million people.

Positions 3-5 involved the following healthcare data breaches:

  • The Yale New Haven Health System cyberattack involved unauthorized access to 5,556,702 individuals’ protected health information (PHI)
  • The medical device company Episource ransomware attack affected 5,418,866 people
  • The Blue Shield of California data breach affected up to 4,700,000 people

The industries with the highest number of data breaches are the following:

  • Financial services reported 387 breaches
  • The healthcare industry reported 283 data breaches
  • Professional services reported 221 data breaches
  • The manufacturing industry reported 158 databreaches
  • Education reported 105 data breaches

Compared to 2024, the number of healthcare data breaches in H1 2025 increased by 19.9% year-over-year but decreased by 24.9% compared to 2023. The number of healthcare data breach victims decreased by 39.2% year-over-year.

For the first half of 2025, ITRC reported troubling trends, such as the lack of transparency regarding the cause of 69% of data breaches.  Many breached entities send notifications, but do not disclose the attack vector details of the breach.

ITRC likewise mentioned the repackaging and republishing of earlier compromised information. In H1, one database contained 16 billion logins and passwords that were compromised in past data breaches. That poses a serious risk for compromises and individuals who should take steps to keep themselves safe from scams and identity fraud. Concerned individuals can contact ITRC or visit its website for more information.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2025 ComplianceHome. All rights reserved.