Call us Toll Free (USA): 1-833-844-9468     International: +1-603-280-4451 M-F 8am to 6pm EST

Top 10 breached countries: see how data breach statistics changed in a year

Cybercriminals steal personal data from hundreds of websites every day, using it to execute cyberattacks, sell on the black market, or leak on the dark web. According to data presented by Cybernews, the number of data breach victims in 2023 decreased by 50% compared to 2022. 

Based on the Cybernews Personal Data Leak Checker tool, a 500GB database of leaked hashed emails, over 71M accounts were leaked in 2023. In 2022, there were more than 144M.

According to the Cybernews tool’s findings, in 2023, 3336 websites were breached in the ten most-breached countries – 19% less than the 4138 breached websites in 2022. To get a feel for the scope, there were an average of 278 successful website breaches per month in 2023 in the ten most-breached countries. 

Threat actors can steal email addresses, passwords, credit card numbers, and other data from companies, buy personal data on darknet marketplaces, or steal it directly from you as part of a hack. Even with a small amount of leaked data, malicious actors can steal other credentials, try to use the data for phishing attacks, spam or even ruin a person’s finances or reputation,” Cybernews Head of Security Research Vincentas Baubonis warns. 

The USA and the UK remain amongst the most targeted countries in the world

Personal data leak checker statistics show that the five most breached countries in 2023 were the United States, the United Kingdom, France, India, and Canada. It’s important to note that this list of the top ten countries breached in 2023 is made according to the number of breached websites, not breached accounts, in each country. 

The country that has been most targeted over the past two years is the United States. Despite that, we see a positive trend overall, as the number of breached websites and accounts decreased in 2023. The number of breached websites decreased by almost 13% and breached accounts by 19%. 

The number of breached accounts has also fallen in the United Kingdom from 1.9M to 1.25M, and successful attacks on websites have been reduced by 18%. 

Global improvement visible 

In France, the number of breached websites fell by almost 18%, and 88.6% fewer accounts were breached in 2023 compared with 2022. 

Meanwhile, in 2023, 524K Canadian accounts were affected, a halved number from 2022, leaving Canada the fifth most breached country on the list.

In tenth-ranked Brazil, the number of breached websites dropped by 19%. Breaches of Indian accounts fell from 10M to slightly more than 3M. Compared to 2022, Germany dropped to 6th from 4th place in the top ten list. Meanwhile, Colombia rose from 13th to 8th place with 311 breached websites in 2023. 

Decreasing numbers are seen in all ten countries on the list, except for Spain. Although the number of breached websites decreased, the number of breached user accounts grew by slightly more than 19,000 in 2023 compared to 2022.

According to Baubonis, online breaches are usually followed by certain suspicious activity that users should treat as warning signs that one or more of their accounts have been breached.

You could start getting more spam messages than usual, receiving two-factor authentication notifications on mobile devices or password reset notifications. If you notice one or more of the warnings mentioned above, change the password for all your accounts that use the compromised email address. Also, get a reliable password manager to generate strong passwords and use two-factor authentication (2FA),” the researcher recommends.

Methodology and sources

The data provided in this article was collected from the Cybernews Personal Data Leak Checker tool between January and December of 2023 (inclusive), and the numbers were compared to those from the same period of 2022. 

The Cybernews Personal Data Leak Checker now includes more than 15 billion breached accounts and 2.5+ billion unique email addresses. The Cybernews free tool database contains nothing more than the breached but hashed email addresses and leak sources. All emails are anonymized and linked only to the source of their respective leak. Cybernews does not collect entered emails – nothing is logged when users perform the data leak check.

Press Release by Cybernews

Media Contact


12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...