By 
The latest study by cybersecurity company Surfshark ranks Nigeria as the 16th most breached country in Q3 2025, with 408.9k leaked accounts.
RELATED: 183m email passwords leaked in global data breach, Gmail accounts affected
Globally, a total of 90.6 million accounts were breached, with France ranking first and accounting for 17% of all breaches from July through September. Germany takes second place, followed by the US, which is in third place, with India and Canada rounding out the top five.
AI Fuels Global Data Crisis: 90 Million Accounts Breached in Q3 2025
“The increase of AI tools means that even minor data breaches can now be leveraged at scale. Previously, exploiting leaked data required significant technical skill, but AI has lowered the barrier to entry, allowing malicious actors to rapidly analyze and weaponize even seemingly insignificant data, transforming leaked names, addresses, and preferences into highly personalized attacks,” says Sarunas Sereika, Senior Product Manager at Surfshark.
Overall, looking at different quarters of 2025, the number of global breaches is declining. In 2025 Q2, 899 accounts were being breached every minute. In 2025 Q3, however, breach rates are 22.3% lower, with 699 accounts being leaked every 60 seconds. The trend in Nigeria is the opposite. The breach rate is ten times higher in Q3 2025 than it was in Q2 2025, rising from 0.3 to 3.2 breached accounts per minute.
Nigeria ranks third in Sub-Saharan Africa
Surfshark’s analysis of data breaches since 2004 shows that Nigeria ranks third in Sub-Saharan Africa, with 23.7 million compromised user accounts. A total of 7.6M unique emails were breached from Nigeria. 13.1M passwords were leaked together with Nigerian accounts, putting 55% of breached users in danger of account takeover that might lead to identity theft, extortion, or other cybercrimes. Statistically, 10 out of 100 Nigerian people have been affected by data breaches.
Europe was the most affected region by breaches in Q3 2025, followed by North America and Asia
1 in 2.3 accounts breached in Q3 2025 originated from Europe, with 40% of these being French. North America accounts for 17% of the breaches (15.7M). An additional 15.6% of the accounts originated from Asia (14.1M). All other regions accounted for around 5% of the year’s total, and nearly 19% remained unknown.
France, Germany, USA are most breached countries
In descending order, the ten most breached countries in Q3 2025 were France (15.5M), Germany (10.5M), the US (10.5M), India (10.2M), Canada (4.8M), Montenegro (3.1M), Russia (2.9M), the UK (2.5M), the Netherlands (1.2M), and Indonesia (943.7k).
METHODOLOGY
A data breach happens when confidential and sensitive data gets exposed to unauthorized third parties. In this study, we treat every breached or leaked email address used to register for online services as a separate user account, which may have been leaked with additional information, such as password, phone number, IP address, zip code, and more.
The data was collected by our independent partners from 29,000 publicly available databases and aggregated by email address. This data was then anonymized and passed on to Surfshark’s researchers to analyze their findings statistically. Countries with a population of less than 1M people were not included in the analysis.
The Data Breach World Map is updated quarterly with the most recent data from our independent partners. For the full methodology, please refer to: https://surfshark.com/research/data-breach-monitoring/methodology
