The Identity Theft Resource Center’s 2025 H1 Data Breach Report is out. AI-powered phishing attacks continue to rise, phishing/smishing/BEC topped the list of known attack vectors, the supply chain is a critical weakness, breach notifications still lack critical details, and financial and healthcare sectors remain prime targets.
Here are some highlights:
“The overwhelming majority of data breaches in H1 2025 were the result of cyberattacks, with 1,348 incidents reported, impacting 114,582,621 victims.”
“Supply chain attacks have proven to be a significant and growing threat. In the first half of the year, 79 such breaches were reported, affecting 690 entities and compromising the data of 78,320,240 individuals.”
“The broader cybersecurity landscape in 2025 is marked by the continued rise of AI-powered phishing attacks, which are more sophisticated and harder to detect.”
Phishing, smishing, and business email compromise (BEC), grouped as a single category, topped the list of attack vectors, responsible for 251 breaches, 46.5% of all breaches where an attack vector was disclosed.
69% of all breach notices (1,191 out of 1,732) failed to include any details on the attack vector, a continuing trend that hampers situational awareness and organizational defense.
“The financial services and healthcare industries continue to be the most targeted sectors, with 387 and 283 compromises, respectively. While the number of compromises in financial services is slightly down from H1 2024, the healthcare sector saw an increase in breach events.”
Read the full report here: https://www.idtheftcenter.org/publication/itrc-h1-2025-data-breach-report/