A latest study by cybersecurity company Surfshark has ranked Nigeria as the 16th most breached country in Q3 2025, with 408,900 leaked accounts.
It was revealed yesterday that in 2025, the country had witnessed 566,300 breached accounts.
Senior Product Manager at Surfshark, Sarunas Sereika, said, “The increase of AI tools means that even minor data breaches can now be leveraged at scale. Previously, exploiting leaked data required significant technical skill, but AI has lowered the barrier to entry, allowing malicious actors to rapidly analyse and weaponise even seemingly insignificant data, transforming leaked names, addresses, and preferences into highly personalised attacks.”
Overall, looking at different quarters of 2025, the number of global breaches is declining. In 2025 Q2, 899 accounts were breached every minute. In 2025 Q3, however, breach rates are 22.3 per cent lower, with 699 accounts being leaked every 60 seconds. The trend in Nigeria is the opposite. The breach rate is 10 times higher in Q3 2025 than it was in Q2 2025, rising from 0.3 to 3.2 breached accounts per minute.
Surfshark’s analysis of data breaches since 2004 showed that Nigeria ranked third in Sub-Saharan Africa, with 23.7 million compromised user accounts. A total of 7.6 million unique emails were breached from Nigeria. 13.1 million passwords were leaked together with Nigerian accounts, putting 55 per cent of breached users in danger of account takeover that might lead to identity theft, extortion, or other cybercrimes. Statistically, 10 out of 100 Nigerian people have been affected by data breaches.
Europe was the most affected region by breaches in Q3 2025, followed by North America and Asia
According to the report, one in 2.3 accounts breached in Q3 2025 originated from Europe, with 40 per cent of these being French. North America accounts for 17 per cent of the breaches (15.7 million). An additional 15.6 per cent of the accounts originated from Asia (14.1 million). All other regions accounted for around five per cent of the year’s total, and nearly 19 per cent remained unknown.
In descending order, the 10 most breached countries in Q3 2025 were France (15.5 million), Germany (10.5 million), the U.S. (10.5 million), India (10.2 million), Canada (4.8 million), Montenegro (3.1 million), Russia (2.9 million), the UK (2.5 million), the Netherlands (1.2 million), and Indonesia (943,700).
