Nigeria recorded over 119,000 data breaches in the first quarter of 2025, ranking 34th globally in the latest data breach index by cybersecurity firm Surfshark. Though the number may seem high, it marks a significant 85% drop from Q4 2024, aligning with a broader global decline in cyber incidents.
The report defines a data breach as the unauthorized copying and leakage of user data—including names, email addresses, and passwords. Each breached email address counts as a separate compromised account.
Despite the decline, Nigeria remains one of the most affected countries in Sub-Saharan Africa. Since 2004, the country has recorded over 23.2 million compromised user accounts, with 13 million passwords leaked and 7.3 million unique email addresses exposed. More than half of those affected (56%) are at risk of identity theft or account hijacking.
In Q1 2025 alone, an estimated one Nigerian account was breached every minute, according to Surfshark’s analysis.
Global Trends and Risks
Worldwide, the number of leaked accounts dropped sharply from 973.7 million in Q1 2024 to 68.3 million in Q1 2025, a 93% year-on-year decline.
The most affected countries this quarter were:
United States: 16.9 million
Russia: 4.4 million
India: 4.2 million
Germany: 3.9 million
Spain: 2.4 million
When measured per capita, South Sudan led with 61 leaked accounts per 1,000 residents, followed by Spain (51), USA (49), Germany (46), and Slovenia (45).
Despite the decline in numbers, cybersecurity experts caution against lowering defenses.
“Cyberthreats are constantly evolving… Frequent password updates and two-factor authentication are essential,” said Luís Costa, Research Lead at Surfshark.
Surfshark analyzed 29,000 publicly available databases, treating each unique breached email address as a separate account. The dataset included additional information like IP addresses, phone numbers, and postal codes. All data was anonymized, and countries with populations under 1 million were excluded.