Nigeria has emerged as a hotspot for data breaches in 2025, with over 566,300 accounts compromised so far, according to cybersecurity company Surfshark latest analysis.
This surge comes as global breach rates drop, underscoring the country’s vulnerability in an era of AI-driven cyber threats.
Key Findings from Q3 2025
In the third quarter (July-September), 408,900 Nigerian accounts were leaked, ranking the country 16th worldwide. That’s a staggering tenfold jump from 2nd quarter of the year, where breaches occurred at just 0.3 accounts per minute, rising to 3.2 per minute in 3rd quarter.
Globally, breaches totaled 90.6 million in 3rd quarter, a 22.3 per cent decrease from the previous quarter’s pace of 899 accounts per minute.
France topped the list with 15.5 million breaches (17 per cent of the global total), followed by Germany (10.5 million), the US (10.5 million), India (10.2 million), and Canada (4.8 million).
Other notable countries include Montenegro (3.1 million), Russia (2.9 million), the UK (2.5 million), the Netherlands (1.2 million), and Indonesia (943 thousand).
Europe bore the brunt, with 1 in 2.3 breached accounts originating there, 40 per cent of them French. North America accounted for 17 per cent (15.7 million), Asia for 15.6 per cent (14.1 million), and other regions around 5 per cent, with 19 per cent unknown.
The AI factor and long-term impact
“The increase of AI tools means that even minor data breaches can now be leveraged at scale,” explained Sarunas Sereika, Senior Product Manager at Surfshark.
“Previously, exploiting leaked data required significant technical skill, but AI has lowered the barrier to entry, allowing malicious actors to rapidly analyze and weaponize even seemingly insignificant data, transforming leaked names, addresses, and preferences into highly personalized attacks.”
Looking back to 2004, Nigeria ranks third in Sub-Saharan Africa for total breaches, with 23.7 million accounts affected.
This includes 7.6 million unique emails and 13.1 million passwords, leaving 55 per cent of users at risk of takeovers that could result in identity theft, extortion, or other crimes. Roughly 10 out of 100 Nigerians have been impacted.
Methodology and about Surfshark
Surfshark’s study aggregates anonymized data from 29,000 public databases, treating each leaked email as a separate account.
It excludes countries with populations under one million. Surfshark, based in the Netherlands with offices in Lithuania and Poland, provides VPNs, antivirus, and data leak alerts.
