Nigeria recorded an 85% decline in account data breaches in Q1 2025 compared to the final quarter of 2024, according to a new report by cybersecurity firm Surfshark. The country reported 119,000 compromised accounts between January and March, down sharply from 786,317 breaches in the previous quarter.
The sharp drop signals a possible turning point for digital safety in Africa’s largest internet market, following years of rising cyber threats and inadequate consumer protection. While Nigeria still ranks 34th globally for data breaches and third in Sub-Saharan Africa in cumulative exposure since 2004, the decline suggests meaningful progress in protecting everyday users, particularly those most vulnerable to cybercrime, as the country slowly strengthens its digital security posture.
The data, which Surfshark compiled from over 29,000 public databases, shows that globally, the total compromised accounts dropped by 93%, from 973.7 million in Q4 2024 to 68.3 million in Q1 2025. The most affected countries with these breaches include the United States (16.9 million breaches), Russia (4.4 million), India (4.2 million), Germany (3.9 million), and Spain (2.4 million).
In Sub-Saharan Africa, since 2004, Nigeria has recorded over 7 million compromised accounts that have unique email addresses, bringing the country’s record to a total of 23.2 million account breaches. The country also had 13 million passwords of its citizens leaked over the years, placing users at risk of identity theft, account takeovers, extortion, and other cybercrimes.
“Although the number of vulnerable accounts in all major regions decreased in Q1 2025 compared to the previous quarter, people should remain vigilant,” said Luís Costa, research lead at Surfshark. “Cyberthreats continue to evolve, and attackers are constantly adapting their tactics.”
Costa advised individuals and organisations to adopt strong security practices, including regular updating of passwords, enabling two-factor authentication (2FA), and staying informed about potential risks.
“To protect personal and organisational data, it is essential to follow strong security practices, regularly update passwords, enable 2FA, and stay informed about potential risks,” he added.
