The latest study from cybersecurity specialists Surfshark ranks South Africa as the 36th most breached country in Q3 2025, with 100 600 leaked accounts.
Globally, a total of 90,6-million accounts were breached with France ranking first and accounting for 17% of all breaches from July through September. Germany takes second place, followed by the US, with India and Canada rounding out the top five.
“The increase of AI tools means that even minor data breaches can now be leveraged at scale,” says Sarunas Sereika, senior product manager at Surfshark. “Previously, exploiting leaked data required significant technical skill, but AI has lowered the barrier to entry, allowing malicious actors to rapidly analyse and weaponise even seemingly insignificant data – transforming leaked names, addresses, and preferences into highly personalised attacks.”
Overall, looking at different quarters of 2025, the number of global breaches is declining. In 2025 Q2, 899 accounts were being breached every minute. In 2025 Q3, however, breach rates are 22,3% lower, with 699 accounts being leaked every 60 seconds. Although the numbers remain prominent, the trend is evident in South Africa too. The country’s breach rate is 83,9% lower in Q3 2025 than it was in Q2 2025, falling from five to 1 breached accounts per minute.
Surfshark’s analysis of data breaches since 2004 shows that South Africa ranks second in Africa with 43,7-million compromised user accounts. A total of 12,8-million unique emails were breached from South Africa and 22,9-million passwords were leaked together with local accounts, putting 52% of breached users in danger of account takeover that might lead to identity theft, extortion, or other cybercrimes. Statistically, 68 out of 100 South African people have been affected by data breaches.
1 in 2.3 accounts breached in Q3 2025 originated from Europe, with 40% of these being French. North America accounts for 17% of the breaches (15,7-million). An additional 15,6% of the accounts originated from Asia (14,1-million). All other regions accounted for around 5% of the year’s total – and nearly 19% remained unknown.
In descending order, the 10 most breached countries in Q3 2025 were France (15,5-million), Germany (10,5-million), the US (10,5-million), India (10,2-million), Canada (4,8-million), Montenegro (3,1-million), Russia (2,9-million), the UK (2,5-million), the Netherlands (1,2-million), and Indonesia (943 700).