141 million breached files reveal data exposed.
Update, July 29, 2025: This story, originally published on July 28, has been updated with additional information from the Anatomy of a Data Breach report that analyzed 141 million compromised files from 1,257 breach incidents, along with data from a newly published Zscaler threat report.
It is a sad reflection of the times, as far as data breaches and leaks are concerned, that news of an analysis of 141 million files from 1,257 breaches, including ransomware attacks, hardly registers as being a large number. At least not in the context of aggregated criminal databases containing 16 billion login credentials, or even the recent news of 184 million plaintext passwords found online. The truth is that with the availability and ease of use of infostealers-as-a-servce, which cost hackers as little as $30 a month to rent, you can only expect these numbers to grow. The importance of the 141 million files, however, lies not in the overall number but in the data that is contained within. What is being claimed as the “biggest ever content-level analysis of breached datasets” has revealed just how concerned everyone should be.
The Biggest Content-Level Data Breach Analysis
In its Anatomy of a Data Breach report, Lab 1 has compiled the results of what it said was the biggest content-level analysis of data breach files ever.
The analysis, based on 141,168,340 records included in a total of 1,297 ransomware and data breach incidents, reconstructed from “forensic acquisitions of compromised systems,” according to Lab 1, is worthy of note as it didn’t just look at dumps of structured data, which ordinarily focus on credentials above all else. Instead, Robin Brattel, Lab 1 CEO, said, the analysis “focused on the huge risks associated with unstructured files that often hold high-value information, such as cryptographic keys, customer account data, or sensitive commercial contracts.”
And, oh boy, did it reveal those huge risks, and then some.
- Financial documents were present in 93% of incidents.
- Financial documents accounted for 41% of all analyzed files.
- Bank statements were present in 49% of incidents.
- International Bank Account Numbers were found in 36% of the breached data sets.
- Customer and corporate personally identifiable information was found in 82% of breaches.
- 67% of that breached PII involved customer service interactions.
- 51% of incidents included email leaks that contained U.S. social security numbers.
- Cryptographic keys, with the power to bypass authentication protections, were found in 18% of all the breaches.
- Code files accounted for 17% of all exposed files.
“With cybercriminals now behaving like data scientists to unearth these valuable insights to fuel cyberattacks and fraud, unstructured data cannot be ignored,” Brattel warned. Organizations simply must understand the kind of information that has been leaked in any data breach, and beyond that, how it can be used in ongoing attacks and exactly who could be impacted.
Data Breach Demand Is Fuelling Ransomware Attack Growth
Another in-depth analysis, this time published by Zscaler ThreatLabz on July 29, the 2025 Ransomware Report, has revealed the extent to which compromised data is now driving the ransomware attack landscape. “Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example,” said Deepen Desai, Cybersecurity executive vice president at Zscaler, “GenAl is also increasingly becoming part of the ransomware threat actor’s playbook, enabling more targeted and efficient attacks.”
The demand for data is undoubtedly driving the steady growth in ransomware attacks, although steady growth could be something of an understatement according to the latest Zscaler ThgreatLabz analysis. Zscaler cloud protections have seen a 146% year-over-year increase when it comes to blocking ransomware attacks, a rate which researchers have said is alarming.
“This escalation reflects a strategic shift,” the researchers concluded, that “ransomware groups are increasingly prioritizing extortion over encryption.” And that has meant a 92% “increase in the total volume of exfiltrated data by 10 major ransomware groups in the past year.” If you want numbers, the report said this meant a rise from 123 TB to 238 TB.
Source link
