Surfshark’s global data breach analysis ranks South Africa as the 27th most-breached country in Q1 2025, with 205 900 leaked accounts.
Globally, a total of 68,3-million accounts were breached, with the US ranking first and amounting to 25% of all breaches from January through March.
Russia takes second place, while India is third, followed by Germany and Spain.
“Although the number of vulnerable accounts in all major regions decreased in Q1 2025 compared to the previous quarter, people should remain vigilant,” says Luís Costa, research lead at Surfshark. “Cyberthreats continue to evolve and attackers are constantly adapting their tactics.
“To protect personal and organisational data, it is essential to follow strong security practices, regularly update passwords, enable 2FA, and stay informed about potential risks.”
Surfshark’s analysis of data breaches since 2004 shows:
- South Africa is the second in Africa, with 42,6-million compromised user accounts.
- A total of 12,7-million unique emails were breached from South Africa.
- 22,6-million passwords were leaked together with South African accounts, putting 53% of breached users in danger of account take over that might lead to identity theft, extortion or other cybercrimes.
- Statistically, 66 out of 100 South African people has been affected by data breaches.
“On a regional (Africa) scale, 19 accounts are breached per 100 people on average,” comments Costa. “However, in South Africa, this number goes up to 66 per 100 people. Statistically speaking, 66 out of 100 South African people has been affected by data breaches.”
South Africa has had a total of 123,5-million personal records exposed since 2004. On average, each email is breached with 2,9 additional data points.
Golbally, the number of global breaches is declining: in Q4 2024, 75 13 accounts were being breached every minute; in Q1 2025, however, breach rates are 93% lower, with 527 accounts being leaked every 60 seconds.
Although the numbers remain prominent, the trend is evident in South Africa too. The breach rate is 80% lower in Q1 2025 than it was in Q4 2024, falling from 7,94 to 1,58 breached accounts per minute.
In descending order, the 10 most breached countries in Q1 2025 were the US (16,9-million), Russia (4,4-million), India (4,2-million), Germany (3,9-million), Spain (2,4-million), the UK (2,2-million), France (2,1-million), Canada (890 000), Argentina (790 000), and South Sudan (730 000).