Egidio
Country report · 2025-2026

US Data Breaches: the raw material behind scams

A data breach almost never stays contained to the company that got hacked. Once your name, phone number or health record is out, it becomes the raw material for a scam call or text built specifically around you — not a random guess.

A record year for the number of breaches

3,322
Data compromises tracked by the Identity Theft Resource Center (ITRC) in 2025 — a new all-time record, up 79% over five years.
ITRC, 2025 Annual Data Breach Report, published January 2026. Accessed 07/15/2026.
278.8M
Victim notices issued in 2025 — lower than 2024's 1.37 billion only because 2024 included several exceptionally large "mega-breaches."
ITRC, 2025 Annual Data Breach Report. Accessed 07/15/2026.

Three documented 2025 incidents illustrate the scale, across three different sectors:

March 2025
AT&T — a $177 million settlement, granted preliminary approval in June 2025, resolving two separate breaches: a 2024 dark web exposure of data tied to roughly 73 million current and former customers, and a Snowflake cloud-platform breach exposing call and text records for about 109 million customer accounts. Combined, the settlement covers up to 182 million people.
June 2025
Aflac — a hacking incident, later linked to the Scattered Spider threat group, exposed highly sensitive personal and health data including Social Security numbers, ID numbers and medical information for roughly 22.65 million people worldwide, including at least 13.9 million individuals' protected health information in the US — the largest healthcare breach reported in 2025.
March 2025
Yale New Haven Health System — hackers accessed demographic and Social Security data for more than 5.5 million patients, one of several large healthcare breaches that together exposed over 35 million records reported to HHS's Office for Civil Rights in 2025.

Healthcare alone accounted for a disproportionate share of 2025's largest breaches: the ten biggest incidents reported to HHS affected over 20 million people combined, on top of the AT&T and other telecom and retail cases above.

The vocabulary to know

Have I Been Pwned

A free service built by security researcher Troy Hunt: enter your email to check whether it appears in a known data breach.

Credential stuffing

An attacker takes credentials stolen in one breach and tries them en masse on other sites, betting that you reused the same password elsewhere.

Password spraying

The reverse of classic brute-forcing: an attacker tries one very common password across a large number of different accounts, to stay under detection thresholds.

MFA fatigue

An attacker who already has your password triggers a flood of push notification approval requests, hoping you'll eventually tap "approve" out of annoyance or mistake.

SIM swap, another technique directly tied to exploiting leaked data, is detailed in the glossary.

🔒 Your data may have leaked through no fault of your own — but protection is still possible downstream. Egidio recognizes the patterns of calls and texts built from stolen data, even when they're personalized. See how Medusa works.

Frequently asked questions

How can I check if my data has been exposed?

Have I Been Pwned (haveibeenpwned.com) is a free service, built by security researcher Troy Hunt, that lets you check whether your email address appears in a known data breach.

Were 2025 breaches worse than previous years?

By count, yes: the Identity Theft Resource Center tracked 3,322 data compromises in 2025, a new all-time record and a 79% jump over five years. By number of people notified, 2025 was actually lower than 2024, because 2024 included several exceptionally large "mega-breaches" that inflated the victim count.

Why does a data breach lead to fraudulent calls and texts?

Because a breach often contains a name, phone number and sometimes details about your bank, employer or health provider — enough to build a call or text that sounds credible and personal, far more effective than a generic message sent at random.

Go further