During the second quarter of the year, user account leaks averaged one every minute, a record high.
South Africa continues to be a target of cybercriminals, ranking 27th globally in the most breached countries in the second quarter of 2025, highlighting persistent cybersecurity gaps.
A new report by Surfshark has revealed that, so far in 2025, a total of 369,600 accounts have been leaked in the country.
A data breach every minute
The second quarter of the year hit a high, with one user account leaked every minute.
Surfshark’s report indicates that more than 21 000 South African accounts were breached between April and June, which translates to approximately three per 100 000 people.
In total, South Africa has had a total of 124.2 million personal records exposed since 2004. On average, each email is breached with 2.9 additional data points.
ALSO READ: A cyberattack every 39 seconds: Upgrade PCs to upgrade security
Personal information
Sarunas Sereika, product manager at Surfshark, said today’s digital age requires people to share more and more personal information to carry out daily tasks.
“Whether sharing your name and address for food deliveries, or phone numbers when making a booking at a barber shop, there is no guarantee that businesses are keeping crucial information safe and secure.
“In the wrong hands, this data can be used to commit identity theft, via social media, for targeted scams or sold on the dark web — where they’re traded for further illegal use,” said Sereika.
Leak
Surfshark’s latest study showed that 161 100 accounts were leaked in the second quarter of 2025.
Globally, a total of 93.6 million accounts were breached, with the US ranking first and amounting to 45% of all breaches from April through June. France takes second place, while India is third, followed by Germany and Israel.
ALSO READ: Data breaches cost SA organisations over R360m in 3 years
Data breach over the years
Surfshark’s analysis of data breaches since 2004 shows that South Africa ranks second in Africa, with 42.8 million compromised user accounts. A total of 12.7M unique emails were breached from South Africa.
The report also showed that 22.7 million passwords were leaked together with South African accounts, putting 53% of breached users in danger of account takeover that might lead to identity theft, extortion or other cybercrimes.
Statistically, 66 out of 100 South African people have been affected by data breaches.
Global stats
Countries with the highest breach density in Q2 2025
Leaked accounts per 1,000 residents
- France – 172
- Israel – 130
- United States – 123
- Singapore – 26
- Canada – 24
- South Sudan – 23
- Belgium – 21
- Ireland – 16
- Switzerland – 16
- Germany – 15
Surfshark said a data breach happens when confidential and sensitive data gets exposed to unauthorised third parties.
More needs to be done
Surfshark’s data breach report provides critical insight into the vulnerability of the country’s cybersecurity; however, more needs to be done to protect South Africans from attack despite the Protection of Personal Information Act (Popia).
While artificial intelligence and Generative Artificial Intelligence (GenAI) are the most popular technologies in the news right now, there are concerns about the emerging technology landscape, which is putting people and businesses at risk.
South African organisations must increasingly prioritise cybersecurity defences to safeguard their digital infrastructure and maintain trust in an interconnected world.
ALSO READ: Average cost of a data breach in SA is R53.1m – Report