Technology, education and e-commerce organisations were among the most heavily targeted sectors in a wave of global data breaches that exposed more than 7.8bn email records over a three-year period, according to research by NordPass.
The analysis reviewed nearly 10,000 major incidents and found that email addresses appeared in 90 per cent of breaches. Around 32 per cent of incidents exposed user credentials, while 12.3 per cent included sensitive government-issued identifiers such as social security numbers.
Karolis Arbaciauskas, head of product at NordPass, said industries handling large volumes of personal data had become particularly attractive targets for cybercriminals. “Technology, education and e-commerce platforms serve vast user bases and store significant amounts of personal information,” he said. “That combination makes them both valuable and vulnerable.”
Other sectors frequently affected included retail, finance, hospitality, media and manufacturing. Although financial services experienced fewer breaches overall, the incidents that did occur tended to be larger in scale, exposing a greater number of email records on average.
Researchers noted that the total number of recorded leaks declined in 2025 across most industries. However, they cautioned that a drop in incident volume did not necessarily translate into lower risk.
“Leak activity remains concentrated in highly digital sectors that collect large volumes of credentials and personal data,” Arbaciauskas said. “Several industries recorded larger average breach sizes, meaning the potential impact can still increase even when the number of incidents falls.”
Mantas Sabeckis, senior threat intelligence researcher at Nord Security, said the trend partly reflected evolving tactics among cybercriminals. Instead of relying on large public database dumps, attackers increasingly used so-called infostealer malware to harvest credentials in near real time and gain direct access to targeted services.
Law enforcement action may also have played a role. The takedown of several leak forums and online marketplaces in 2025 reduced the visibility of stolen databases and pushed activity into smaller, more private channels.
The research also highlighted differences between the public and private sectors. Private organisations accounted for more than half of identified exposures, with 1,632 leaks compared with 317 affecting government entities. Commercial datasets were often considered more lucrative for criminals seeking to monetise stolen information through phishing, fraud and account takeovers.
While less frequent, breaches involving government institutions can still carry significant consequences because of the sensitivity of the information involved.
Researchers said reducing the impact of breaches required action from both organisations and individuals, including stronger credential protection, improved monitoring for leaked data and wider adoption of multi-factor authentication.
