By 
Surfshark’s quarterly analysis of global data breaches shows that Nigeria ranks as the 34th most breached country in Q1 2026, with 281.5k leaked accounts. Globally, a total of 210.3 million accounts were breached, with the US ranking first and amounting to 29% of all breaches from January through March. France takes second place, while India is third, followed by Brazil and the UK.
RELATED: Global cyber attacks surge in January 2026 as ransomware and GenAI risks intensify – Nigeria most hit in Africa
Since 2004, Nigeria is the 3rd in Sub-Saharan Africa, with 24.1M compromised user accounts. A total of 7.5M unique emails were breached from Nigeria. 13M passwords were leaked together with Nigerian accounts, putting 54% of breached users in danger of account take over that might lead to identity theft, extortion or other cybercrimes. Statistically, 10 out of 100 Nigerian people has been affected by data breaches.
The scope of exposed information often extends to highly sensitive personal data, such as Social Security Numbers (3.9k), financial data, e.g., payment card numbers (1.6k), and contact information, such as phone numbers (1.9M) and addresses (925.8k).
Globally, the number of breached accounts tripled in Q1 2026 compared to the same period in 2025 and increased by 22% compared to the last quarter of 2025.
An important fact is that, in 2025, 20.2% of companies reported using AI, up from 8.7% in 2023 — meaning adoption has more than doubled over the past two years. Do the figures for recent AI adoption and the increase in data leaks correlate?
According to Tomas Stamulis, Chief Security Officer at Surfshark, as companies rapidly adopt AI, they increase the amount of user data stored, expand the number of digital systems they use, and integrate more platforms to manage larger volumes of user data.
“These AI-driven systems also collect and log more detailed user information for automation, analytics, and model improvement. While this improves the company’s efficiency, it also means there are many more systems for businesses to secure, more opportunities for error, and more points where sensitive information such as user credentials and personal data can be exposed. As a result, hackers now have a larger and more complex environment to exploit and execute attacks, including data breaches,” explains Tomas Stamulis.
With data breaches becoming a daily risk for companies, Stamulis shares his deepest concerns about businesses forcing users to create accounts and provide personal information to complete an online purchase when there is no clear need for it.
“For people, a data leak means their personal information is forever on the internet. It’s not a one-time threat that disappears after a user changes their compromised email address and password. It becomes a constant security risk as hackers reuse leaked data, package it into ‘combo lists,’ combine it with new leaks, and resell it repeatedly. So even after 10 or 20 years, leaked data is still valuable and can be used against a user to commit fraud, gain access to more data, and steal money,” says Surfshark’s Chief Security Officer.
He reminds people of the main habits of personal data hygiene in the age of AI:
- Provide your real data, such as your primary email address, telephone number, home address, and other sensitive personal information, only when there is a critical need, such as filling out official forms;
- In other cases, use an alternative identity or email masking services;
- Avoid providing your data unless necessary.
Nigeria’s full profile can be found here: https://surfshark.com/research/data-breach-monitoring?country=ng
