Dark Web Flooded With 300 Million Leaked Records in 2025


From airlines to telecoms, no industry was spared in a wave of data breaches that exposed names, passwords and sensitive data from millions of users.

Hundreds of millions of private records, including passwords, home addresses, and even medical histories, have spilled onto the dark web in the past year, according to new analysis from Proton.

Launching its Data Breach Observatory, a new platform for tracking cybercrime activity across the dark web, the VPN provider revealed that hackers have leaked over 300 million private records across 794 breaches in 2025 alone.

Among the worst breaches flagged by Proton, dubbed ‘mega-exposures’, were those suffered by Qantas Airlines, which was hit with 11.8 million exposed records, and SkilloVilla, an Indian ed-tech firm whose leak dumped over 33 million records onto the dark web.

Meanwhile, European telecom firms PhoneMondo, Orange Romania and French firm Free saw more than 33 million private customer records exposed between them, with Singaporean IT company amai responsible for over 10 million leaked records alone.

Worryingly, Proton claims that almost half (49%) of all data breaches contained password information, while more than a third (34%) held sensitive data, like government IDs, health records, or other personally identifiable information. 

Just as bad, in 72% of cases, phone numbers and home addresses were exposed. Names were leaked in 90%, and email addresses featured in every single breach, raising concerns around targeted phishing campaigns.

After a year of repeated, high-profile cyber-attacks targeting the British high street, it’s no surprise that the data shows hackers hit retail hardest, accounting for more than a quarter (25.3%) of breaches, while tech firms (15%) and media (10.7%) lagged behind.

However, even a cursory scroll through Proton’s dataset shows that almost every sector has been hit by these leaks, with business and financial services, insurance firms, education institutions, public sector orgs and non-profits all suffering.


Proton’s findings shed new light on threat actors’ preferred targets. While larger firms may offer higher financial rewards, they accounted for just 13.5% of breaches, with enterprise-level organisations making up only 15.9%.

The data suggests that hackers instead overwhelmingly target small and medium-sized businesses, which accounted for 70.5% of breaches in the past year, largely due to their limited security infrastructure and ease of access.

“Many breaches go unreported or even undetected — without dark web monitoring, you might not even know you’ve been hacked,” said Eamonn Maguire, Proton’s head of anti-abuse and account security.

“Tracking business data breaches is one of the most effective ways to understand and prevent future breaches. The Data Breach Observatory raises awareness about just how common data breaches really are, tracking major dark web leaks and identifying exposure patterns by industry and company size. 

“Instead of relying on a biased sample of self-reported breaches, we can take a realistic look at the data breach landscape and assess the actual threats.”