A data breach happens when confidential and sensitive data gets exposed to unauthorized third parties. In 2025 so far, a total of 2.2 million accounts have been breached in the UK, the 6th-highest count in the world, the company Surfshark’s analysis shows.
The data was collected by from 29,000 publicly available databases and aggregated by email address. This data was then anonymized and then analysed statistically. Countries with a population of less than 1 million people were not included in the analysis.
The UK ranks 6th globally and ranks first within Northern Europe, although this is high the figure represents a 49 percent decrease in Q1 2025 over Q4 2024.
This includes big brands such as M&S, Co-op, and Harrods, firms that have been forced to halt online operations to deal with cybercrime.
Global patterns
In descending order, the ten most breached countries in Q1 2025 were the US (16.9M), Russia (4.4M), India (4.2M), Germany (3.9M), Spain (2.4M), the UK (2.2M), France (2.1M), Canada (0.89M), Argentina (0.79M), and South Sudan (0.73M).
The countries with the highest breach density in Q1 2025 (number of leaked accounts per 1,000 residents) were South Sudan (61), Spain (51), the US (49), Germany (46), Slovenia (45), Israel (37), the UK (32), France (32), Russia (30), and Norway (25).
UK’s run-rate
In terms of the rate of breaches for the UK, 17 accounts are being leaked in the UK every minute throughout 2025 so far and since 2004, the UK has had a total of 368 million user accounts exposed. 79 million of them have unique email addresses, which means an average user email was breached four times.
Breaking this down further, the level of breaches represents a total of 79.2 million unique emails were breached from UK. 238.4 million passwords were leaked together with British accounts, putting 65% of breached users in danger of account take over that might lead to identity theft, extortion or other cybercrimes. Statistically, an average British has been affected by data breaches around 5 times.
Furthermore, the UK has had a total of 1.2 billion personal records exposed since 2004. On average, each email is breached with 3.1 additional data points.
Future action
The future threat remains relatively high. Cyberthreats continue to evolve and attackers are constantly adapting their tactics. To protect personal and organizational data, it remains essential for users to follow strong security practices, regularly update passwords, enable two-factor authentication, and stay informed potential risks.
