Darkweb monitoring firm NordStellar tracked a whopping 3,031 data leaks in 2025, and while that figure may have dropped 36.9 per cent year-on-year, the highest-profile breaches still contained a staggering amount of data.
Researchers at NordStellar and NordVPN have analysed the data exposed by these breaches – email addresses, credentials, and other identifiers and personal data – and come up with the five largest, most damaging breaches for 2025.
1. Under Armour
The Everest ransomware group stole hundreds of gigabytes of data from the popular sportswear brand in November 2025, equating to a dataset containing more than 191 million records and 72.7 million unique email addresses. The data also included gender details, dates of birth, geolocation data, and purchasing histories.
2. Prosper Marketplace
US-headquartered peer-to-peer lending firm Prosper Marketplace disclosed it had discovered unauthorised activity on its network in September 2025. The investigation that followed revealed that a hacker – the identity remains unknown – had been active on the company’s network between June and August 2025, which resulted in the compromise of 17.6 million accounts, including email addresses, names, government IDs, and income data.
3. Vietnam Airlines
Vietnam Airlines was one of many victims of last year's Scattered LAPSUS$ Hunters campaign targeting Salesforce instances, alongside Australia’s national carrier, Qantas. The hackers published a 64-gigabyte dataset on their leak site, containing 7.3 million unique customer email addresses, alongside physical addresses, phone numbers, dates of birth, genders, names, nationalities, and usernames.
4. The Pass’Sport program
The French Pass’Sport program is a government subsidy provided yearly to sports clubs in the country, and in December 2025, 6.5 million unique email addresses and the details of about 3.5 million households were posted to a popular hacking program. The data – which also included names, gender information, phone numbers, and physical addresses – was posted as punishment for the arrests of hackers with links to ShinyHunters and IntelBroker.
5. Bouygues Telecom
France’s third-largest telco disclosed it had fallen victim to a cyber attack in August 2025. Soon after, the details of 6.4 million customers, including physical addresses, dates of birth, names, and phone numbers, were posted to a hacking forum.
What to expect in 2026
“We expect criminals to rely on infostealer malware, phishing, and ransomware extortion to obtain and monetise credentials,” Karolis Arbaciauskas, head of product at NordPass, said in a statement.
According to Arbaciauskas, large language models will continue to enhance cyber criminal activity, with AI tools improving phishing emails, voice cloning, and deepfakes. Agentic software will also come into play, automating processes and helping criminals spot network weak points faster.
“Businesses and individuals need to stay alert and update their security practices. Strong password policies, multi-factor authentication, and regular software updates should remain key defences against these threats,” Arbaciauskas said.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.