The latest study by cybersecurity company Surfshark ranks India as the 4th most breached country in Q3 2025, with 10.2 million leaked accounts. Globally, a total of 90.6 million accounts were breached, with France ranking first and amounting to 17% of all breaches from July through September. Germany takes second place, while the US is third, followed by India and Canada.
“The increase of AI tools means that even minor data breaches can now be leveraged at scale. Previously, exploiting leaked data required significant technical skill, but AI has lowered the barrier to entry, allowing malicious actors to rapidly analyze and weaponize even seemingly insignificant data, transforming leaked names, addresses, and preferences into highly personalized attacks,” says Sarunas Sereika, Senior Product Manager at Surfshark.
Overall, looking at different quarters of 2025, the number of global breaches is declining. In 2025’Q2, 899 accounts were being breached every minute. In 2025’Q3, however, breach rates are 22.3% lower, with 699 accounts being leaked every 60 seconds. The trend in India is the opposite. Breach rate is 386.6% higher in 2025’Q3 than it was in 2025’Q2, rising from 16.2 to 78.8 breached accounts per minute.
Since 2004, India is the 1st in Southern Asia, with 438M compromised user accounts. A total of 127M unique emails were breached from India. 173.2M passwords were leaked together with Indian accounts, putting 40% of breached users in danger of account take over that might lead to identity theft, extortion or other cybercrimes. Statistically, 30 out of 100 Indian people has been affected by data breaches, one of the highest rates in Southern Asia (5th).
Europe was the most affected region by breaches in Q3 2025, followed by North America and Asia
1 in 2.3 accounts breached in Q3 2025 originated from Europe, with 40% of these being French. North America accounts for 17% of the breaches (15.7M). An additional 15.6% of the accounts originated from Asia (14.1M). All other regions comprised around 5% of the years’s total, and almost 19% remain unknown.
In descending order, the ten most breached countries in Q3 2025 were France (15.5M), Germany (10.5M), the US (10.5M), India (10.2M), Canada (4.8M), Montenegro (3.1M), Russia (2.9M), the UK (2.5M), the Netherlands (1.2M), and Indonesia (943.7k).
METHODOLOGY
A data breach happens when confidential and sensitive data gets exposed to unauthorized third parties. In this study, we treat every breached or leaked email address used to register for online services as a separate user account, which may have been leaked with additional information, such as password, phone number, IP address, zip code, and more.
The data was collected by our independent partners from 29,000 publicly available databases and aggregated by email address. This data was then anonymized and passed on to Surfshark’s researchers to analyze their findings statistically. Countries with a population of less than 1M people were not included in the analysis.
The Data Breach World Map is updated quarterly with the most recent data from our independent partners. For the full methodology, please refer to: https://surfshark.com/research/data-breach-monitoring/methodology
