ASHENEWS reports that Nigeria experienced a significant 119,400 data breaches in the first quarter of 2025, placing it 34th on the global list of most affected countries, according to a new report by cybersecurity firm, Surfshark.
The report estimates that roughly one Nigerian account was compromised every minute during Q1 2025.
It also stated that over 13 million passwords were leaked alongside, placing more than half of those affected at risk of identity theft or other cybercrimes.
The global analysis shows a dramatic 93 per cent drop in leaked accounts, falling from 973.7 million in late 2024 to just 68.3 million in Q1 2025.
Despite the decline, Surfshark warns that cyberthreats remain a serious concern and advises individuals and organizations to maintain strong online security practices.
“In Q1 2025, the number of leaked accounts dropped dramatically, following the alarming surge in breaches seen in 2024,” said Luís Costa, Research Lead at Surfshark. “Although the number of vulnerable accounts decreased, people should remain vigilant. Cyberthreats continue to evolve.”
In Nigeria, the downward trend is evident with an 85 oer cent drop in breached accounts compared to the last quarter of 2024.
Surfshark’s long-term data reveals that since 2004, over 23.2 million user accounts from Nigeria have been compromised.
Statistically, 10 out of every 100 Nigerians have experienced a data breach. The report warns that this could lead to account takeovers, extortion, or further security violations.
Globally, the United States topped the list of most breached countries in Q1 2025 with 16.9 million incidents, followed by Russia, India, Germany, and Spain. South Sudan, however, had the highest breach density—61 accounts leaked per 1,000 residents.
Surfshark’s analysis draws from 29,000 publicly available databases, aggregating data by email address and analyzing breach patterns. It defines a data breach as any exposure of sensitive or confidential information to unauthorized parties.
The company emphasized the importance of regular password updates, enabling two-factor authentication, and staying informed about emerging cyberthreats.
