Proton on Thursday announced a new initiative to help improve online security by detecting data breaches well before companies acknowledge they’ve been hacked and that attackers may have stolen personal data belonging to their customers. Called Data Breach Observatory, the new tool will monitor the Dark Web, where cybercriminals routinely trade data obtained from hacks. Proton will monitor the Dark Web in real time and inform the public about new data breaches as they happen. If the Observatory works as intended, Proton might discover data breaches before companies become aware of the attacks. The company might also disclose the hacks before the firms acknowledge the issues.
The Swiss software developer is already known for developing several end-to-end encrypted apps, including Proton Mail, Proton VPN, and Proton Pass. The software suite also informs users about some data breaches (the Dark Web Monitoring feature). The newly announced Data Breach Observatory will go beyond that, looking at all data breaches that hackers advertise on the Dark Web. Proton’s new tool should give companies and consumers “previously unobtainable transparency,” as the data won’t come from self-disclosures by targeted companies.
Data from the Observatory might also help ensure that more data breaches are disclosed. The company notes that some of the affected businesses do not always choose to disclose attacks, out of embarrassment. Also, Proton might inform companies about new attacks, even before they become aware they’ve been breached.
What personal data is sold on the Dark Web?
Proton said in a press release that the initial launch of the Data Breach Observatory will feature a roundup of notable breaches the company uncovered in 2025. The company saw 794 incidents that exposed more than 300 million records from identifiable sources. These are all attacks hackers conducted this year and then attempted to sell the information online. Proton added that if it were to compile data from previous attacks, also available online, the true scale of records exposed on the Dark Web in 2025 is closer to 1,571 incidents and hundreds of billions of records.
Proton explained that small and medium businesses are particularly vulnerable to attacks. Companies with 10-49 employees and those with 50-249 employees accounted for 48% of breaches. Companies with fewer than 10 employees accounted for 23% of attacks. Retail and wholesale trade firms were the most frequently targeted by hackers (25.4%), followed by tech firms (15%) and media and entertainment companies (11%).
Proton also compiled a list of personal data items that are traded on the Dark Web, saying that names and email addresses are the most commonly shared items:
- email addresses – 100% of exposures
- names – 90% of exposures
- contact information (phone numbers, addresses) – 72% of exposures
- passwords – 49% of exposures
- sensitive information (government records, health information) – 34% of exposures
The Data Breach Observatory tool will continuously monitor for attack disclosures on the Dark Web, and Proton will release timely reports. Whether you’re a user of Proton services or not, the Observatory might help you secure your data with these timely updates, and you won’t have to pay any fees for the reports.
