The Identity Theft Resource Center’s 2025 Data Breach Report has revealed a staggering increase in data breaches, reaching the highest number recorded to date. Despite this alarming trend, the report highlights a significant drop of 79% in victim notifications year-over-year. This shift suggests that cybercriminals are moving away from large-scale breaches that characterized 2024, opting instead for more frequent and targeted attacks on high-value data sources.
As we enter 2026, the implications of these changes are becoming clearer. In January alone, several high-profile data incidents captured public attention, revealing the ongoing challenges in cybersecurity.
One notable incident involved Target, which reported on January 13 that internal source code and developer documentation had been compromised, totaling approximately 860 GB. This breach is particularly concerning as it focuses on the organization’s source code rather than customer data, potentially increasing Target’s vulnerability to future cyber threats.
On January 9, the hacker forum BreachForums also fell victim to a data breach, exposing metadata for 324,000 individuals, including usernames, email addresses, registration dates, and IP addresses.
Meanwhile, U.S. Immigration and Customs Enforcement (ICE) faced a substantial data leak that exposed sensitive information on 2,000 agents and 150 supervisors. This incident, one of the largest breaches of its kind for the department, was compounded by a cyberattack targeting the same database shortly after the leak.
Monroe University confirmed a breach affecting approximately 320,000 individuals, with sensitive personal information compromised, including Social Security numbers and medical data. The breach, which occurred on December 23, 2024, was only disclosed to victims on January 2, 2026, with a lawsuit now filed against the institution.
Additionally, state departments of human services reported two distinct data incidents in January that collectively affected around one million individuals. One incident was the result of accidental data leakage while the other involved unauthorized access.
Under Armour also experienced a data security issue in November 2025, with sensitive customer data including 72 million email addresses leaked on January 21, 2026. Experts have indicated that while the sheer volume of exposed emails is alarming, the potential exploitation of these emails poses an even greater concern.
Finally, cybersecurity researcher Jeremiah Fowler uncovered a database containing 149 million credentials, amounting to approximately 96 GB. This sensitive data, which includes emails, usernames, and passwords, raises questions about how it was initially collected and the threats it may pose to individuals globally.
As these incidents illustrate, the landscape of cyber threats continues to evolve, emphasizing the need for heightened vigilance and robust security measures. While the number of breaches has increased, the decline in victim notifications may reflect a shift in attack strategies rather than a decrease in overall risk. Moving forward into 2026, the focus will inevitably be on how organizations adapt to this changing threat environment and enhance their defenses against future breaches.