Skip Navigation
File a Consumer Complaint
Report a Robocall/Text
  • Robocall Hotline:(844)-8-NO-ROBO
  • All Other Complaints:(877)-5-NO-SCAM
  • Outside NC:919-716-6000
  • En Español:919-716-0058

2025 Data Breach Report

In 2025, organizations across North Carolina continued to report data breaches affecting businesses, schools, government agencies, and nonprofits in our state. A record-setting total of 2,349 data breaches were reported to the North Carolina Department of Justice (NCDOJ), impacting 9,275,938 North Carolinians. Many North Carolinians’ information was compromised in more than one breach.

In North Carolina, businesses and government agencies are required by state law to report security breaches to NCDOJ. These reports include details about how the breach occurred, the information involved, how many people were affected, and steps the organization is taking to address the incident and strengthen its security. Our office reviews every notice and may investigate to determine whether the organization had reasonable safeguards in place to protect the data and responded appropriately when the breach occurred. When necessary, we take legal action to hold these companies responsible and make sure that companies strengthen their business practices to protect against future data breaches.

As more of our daily lives move online, the risk of data exposure grows. We share sensitive personal and financial data daily through online shopping, banking, accessing medical records, and more. While technology brings convenience, it also creates opportunities for criminals to gain access to your information.

This report outlines the types and trends of data breaches reported to NCDOJ in 2025 and gives tips to help North Carolinians protect their private information. For additional resources to protect your identity and data, or to report a scam or fraud, contact our office at 1-877-5-NO-SCAM or visit www.ncdoj.gov.

HIGHLIGHTS

 

Infographic titled “2025 Data Breaches by the Numbers” from the North Carolina Attorney General’s Office. It reports a record 2,349 data breaches in 2025. More than 9 million North Carolinians were affected. Hacking-related incidents accounted for 77% of breaches. Other types—accidental disclosures, lost or stolen data, and data theft—declined. Visual elements include an upward red bar chart arrow, icons of people, a hooded hacker at a laptop, and a lock symbol.

  • Businesses reported a record 2,349 data breaches in 2025, the highest number of breaches ever reported to our office.
  • More than 9 million North Carolinians were impacted by data breaches in 2025.
  • Hacking-related incidents remained the leading type of breaches, causing 77 percent, or more than three-fourths, of all reported data breaches in 2025.
  • Accidental release and public display breaches, lost data and stolen equipment incidents, and data theft by employees and contractors reports all decreased compared to prior years.

Since 2006, businesses have reported 19,318 data breaches that impacted 40,403,095 people in all.

Bar chart titled “Number of Security Breaches” showing a steady long-term increase from 75 breaches in 2006 to a record 2,349 in 2025. Growth accelerates after 2015, with notable jumps in 2020 (1,644), 2021 (2,009), and 2024–2025 (2,258 to 2,349), despite a slight dip in 2022.

Area chart titled “North Carolinians Impacted By Security Breaches” illustrating yearly totals from 2006 to 2025. The number fluctuates early on, then rises sharply in later years, peaking at 9,275,938 in 2025. Major spikes occur in 2017 (over 5.3 million) and again from 2023 to 2025 (about 5.0 million to over 9.2 million), indicating increasing impact over time.

Pie chart titled "2025 Security Breaches by Industry Type" showing 2,349 total breaches across six sectors. General Business accounts for the largest share at 53% (1,246 breaches), followed by Financial Services/Insurance at 18% (429), Healthcare at 14% (338), Educational at 7% (155), Religious/Nonprofit at 4% (91), and Government at 4% (90).

HACKING AND PHISHING

Hacking and phishing remain two of the most common methods criminals use to access private information. Hacking occurs when someone gains access to a computer system, network, or online account to steal, change, or expose data, and in 2025, hacking-related breaches represented 77 percent of the total security breaches reported.

Phishing attempts are often designed to look like official communications from trusted companies, coworkers, or government agencies to trick someone into clicking a malicious link, downloading an infected attachment, or sharing login credentials, and in 2025, phishing-related breaches represented 16 percent of the total security breaches reported.

Taking simple precautions can significantly reduce the risk of falling victim to a hacking or phishing scheme.

  • Carefully review emails, texts, and messages before clicking links or downloading attachments. Check the sender’s address, spelling, tone, and any unexpected requests. When in doubt, contact the company or person directly to verify.
  • Regularly update antivirus programs and security software on your computers, phones, and other smart devices. Updates often include security improvements.
  • Use strong, unique passwords for each account and change them regularly. Enable multi-factor authentication whenever possible.
  • Avoid accessing sensitive accounts or making financial transactions on public Wi-Fi networks, which are more vulnerable to hackers.
  • If you believe your information has been compromised, consider placing a free security freeze on your credit and monitoring your financial accounts closely for suspicious activity. To learn more, visit ncdoj.gov/securityfreeze.

Bar chart titled "Hacking Trends in NC" showing the annual number of hacking incidents in North Carolina from 2006 to 2025. Incidents grew slowly from 14 in 2006 to 230 in 2015, then accelerated sharply, reaching 1,116 in 2020 and peaking at 1,809 in 2025 — a nearly 129-fold increase over the 19-year period.

Bar chart titled "Phishing Trends in NC." It shows how many phishing attacks were reported in North Carolina each year from 2006 to 2025. Very few attacks were reported before 2016, with only 10 in 2015. After that, numbers jumped sharply — rising to 218 in 2016 and hitting a new high of 378 in 2025.

POWERSCHOOL DATA BREACH

In December 2024, PowerSchool, a company that sells software products used by schools across the country, was hacked. The hacker gained access to that software, potentially exposing Social Security numbers, addresses, and medical and disciplinary information of 62.4 million current and former students and teachers nationwide, including 4 million North Carolinians.

PowerSchool later paid a ransom to the hacker to delete the information that was stolen, but the hacker then tried to extort North Carolina public school districts again. Authorities later identified the hacker as Matthew Lane, and he pleaded guilty to cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and aggravated identity theft.

Following the data breach, Attorney General Jackson issued a Civil Investigative Demand (CID) to PowerSchool to obtain detailed information about the cause of the breach and the company’s data security practices. The office’s investigation is ongoing.

ACCIDENTAL RELEASE AND DISPLAY

Data breaches can also occur through accidental release or display, when information is unintentionally shared with someone who is not authorized to see it. These incidents usually occur by sending private information to the wrong person, saving confidential files in an unsecured shared folder, or leaving a computer unmonitored in a public or high-traffic area. In 2025, accidental release and display incidents accounted for more than five percent of the total security breaches reported. Many of these situations are preventable with greater attention to everyday data handling practices.

To reduce the risk of accidental release or display:

  • Double-check email recipients and attachments before sending sensitive information, and only share what is necessary.
  • Log out of accounts and lock your computer when stepping away from your desk, especially in shared or public workspaces.
  • Avoid saving passwords on shared devices and never share login credentials with others.
  • Ensure confidential physical and digital files are stored in secure locations and not accessible to unauthorized individuals.

Bar chart titled "Trends in Accidental Release and Display Breaches: Number of Release & Display Breaches Reported Per Year" covering 2006–2025. Breaches rose from 15 in 2006 to a peak of 201 in 2013, then fluctuated between 122 and 179 through 2021, before declining to a range of 122–141 in recent years, ending at 124 in 2025.

LOST DATA AND STOLEN EQUIPMENT

Data breaches can also occur when laptops, phones, external drives, or other equipment containing sensitive information are lost or stolen. Data breaches caused by lost or stolen equipment continued to decline in 2025, with 14 breaches that account for just 0.60 percent of all attacks. To avoid losing equipment, store laptops and other electronic devices in locked, secure locations when not in use, and avoid leaving them unattended in vehicles or public spaces. If you can, add tracking to your devices so you know where they are, even if they get lost or stolen.

Bar chart titled "Trends in Lost Data and Stolen Equipment Breaches." It tracks how many breaches involved lost files or stolen devices each year from 2006 to 2025. Numbers stayed between 35 and 101 for most of the period, then dropped quickly in recent years, falling to just 14 in 2025 — the lowest on record.

DATA THEFT BY EMPLOYEES AND CONTRACTORS

Data theft by employees or contractors dropped by over half in 2025 compared to the previous year. These breaches occur when data is stolen by people who have access to it. Organizations that collect and store personal or financial information must carefully manage and monitor access to ensure that data is only used for business purposes.

Bar chart titled "Trends in Breaches Caused by Employee or Contractor Data Theft." It shows how many times employees or contractors stole data each year from 2006 to 2025. Cases grew to a high of 82 in 2014, then gradually fell. By 2025, only 24 cases were reported — the lowest since 2009.

EMAIL BREACHES

Email breaches increased by 78 reports in 2025, from 492 in 2024 to 570 in 2025, and represent 24.27 percent of all reported breaches. Email breaches include unauthorized access to email accounts, phishing attacks that compromise login credentials, and misdirected emails containing sensitive personal information. Email is a central communication tool, and it will always be a primary target for criminals.

  • Create strong, unique passwords for your email accounts and avoid reusing the same password across different platforms.
  • Activate multi-factor authentication on your email accounts to add an extra layer of protection and receive alerts if someone attempts to access your account.
  • Approach email links and attachments with caution and verify that the message comes from a trusted and legitimate source before opening or clicking on anything.

Bar chart titled "Breach Notices Submitted Involving Email." It shows how many data breach reports involved email each year from 2018 to 2025. Numbers ranged from a low of 431 in 2023 to a high of 637 in 2020. In 2025, there were 570 email-related breach reports, showing that email remains a common way data gets compromised.

RANSOMWARE ATTACKS

Ransomware attacks increased to 570 reports and contributed to more than half of all data breaches reported in 2025. Many ransomware attacks begin with a phishing attempt. This allows hackers to gain access to your device and network. Once they have access, they lock you out of your computer files, systems, or networks, and demand a ransom for their return. These attacks can disrupt operations for businesses, schools, hospitals, and government agencies, and often involve the theft of sensitive data in addition to system lockouts.

Follow these tips to protect yourself and your organization from ransomware:

  • Regularly train employees and users to recognize phishing attempts and other suspicious activity.
  • Keep operating systems, software, and security tools up to date to address known vulnerabilities.
  • Back up important data frequently and store backups securely so systems can be restored without paying a ransom.
  • Develop and routinely update an incident response plan that outlines how to contain an attack and notify affected individuals if necessary.
  • Limit user access privileges to reduce the likelihood that ransomware can spread across an entire network.

Bar chart titled "Breach Notices Submitted Involving Ransomware" covering 2018–2025. Ransomware-related breach notices were minimal in 2018 (22) and 2019 (35), then escalated sharply — reaching 356 in 2020, 857 in 2022, and 1,298 in 2025 — nearly a 59-fold increase over the seven-year period, reflecting ransomware's rapid growth as a cybersecurity threat.

DATA SHARING

23andMe Lawsuit

In 2025, Jeff Jackson filed a lawsuit in bankruptcy court against 23andMe to protect North Carolinians’ sensitive genetic information from being sold without their knowledge or consent. After filing for bankruptcy, 23andMe moved to sell the genetic data of more than 15 million customers nationwide to the highest bidder. NCDOJ had previously been investigating 23andMe following its 2023 data breach, which potentially exposed the genetic data of millions of people. As part of that investigation, Attorney General Jackson secured a consent order appointing a consumer privacy ombudsman to advocate for customers’ privacy and security interests throughout the sale process.

ARTIFICIAL INTELLIGENCE

As artificial intelligence continues to evolve and become more widely used, more people and businesses are inputting personal and financial information into this technology. While AI can be used for innovation and efficiency, it can also be misused by scammers seeking to commit fraud and steal your information. In 2025, Attorney General Jeff Jackson formed a bipartisan, nationwide AI task force alongside Utah Attorney General Derek Brown. The attorneys general have collaborated with leading AI developers, including OpenAI and Microsoft, to address the fast-evolving AI landscape. The task force is focused on identifying emerging risks, promoting responsible innovation, and developing safeguards to better protect consumers and their personal information from AI-enabled misuse.

CONCLUSION

The North Carolina Department of Justice remains committed to keeping North Carolinians informed about emerging scams and fraud schemes. By tracking data breach trends and holding companies accountable for safeguarding sensitive information, the NCDOJ works to protect personal data and strengthen consumer privacy protections statewide. Learn more about protecting your information and reporting concerns at https://www.ncdoj.gov/internet-safety.