An annual report for the Identity Theft Resource Center has found that there were a record 3,322 compromises of data in in the United States 2025, but there has been a significant decline in consumer notifications.
According to ITRC’s Annual Data Breach Report, “transparency is on life support” despite a 79% increase in data compromises over the last five years. It wasn’t long that nearly every company gave details of a data breach. However, in 2025, only 30% of companies provided details. This development “creates an environment where consumers and small businesses, in particular, are essentially ‘operating blind,’” said ITRC.
The number of individual victim notices saw a 79% decrease in 2025, compared with the prior year.
“This divergence indicates that while attackers are more active, they shifted away from the mega-breaches of 2024 (such as Ticketmaster and Change Healthcare) toward more frequent, targeted attacks on high-value data repositories,” ITRC said.
The nonprofit noted many state laws don’t require notifications if the company determines there was no risk of harm to consumers, and most states set a minimum number of affected individuals to trigger notifications. Therefore, the number of data breaches and the amount of notifications could be considered conservative estimates.
Meanwhile, hackers have changed tactics. ITRC’s analysis found a shift to “static identifiers” such as Social Security, driver’s license, and bank account numbers rather than credit card information, which can easily be changed. Compromises involving these identifiers jumped considerably over the last five years.
In addition, old data is held onto and reused with the help of artificial intelligence. Hackers use AI “repackage old stolen records to launch new attacks,” said ITRC. One of the top compromises in 2025 used data obtained in a 2021 breach of AT&T.
Phishing, smishing (using texts), and business email compromises remain the top cause of data breaches in 2025, while ransomware attacks for the second straight year. With the assistance of Bluetooth-enabled devices, hackers increased the use of physical skimming in 2025.
The most important insurance news,in your inbox every business day.
Get the insurance industry’s trusted newsletter
