Nigeria recorded 281,500 leaked accounts in the first quarter of 2026, ranking as the 34th most breached country globally, according to a review of global data breaches. The report, released by cybersecurity firm Surfshark, highlighted that worldwide, 210.3 million accounts were breached between January and March, with the United States leading and accounting for 29% of all breaches.
Global Breach Rankings
France took the second position, followed by India in third place, with Brazil and the United Kingdom completing the top five. Surfshark, headquartered in Amsterdam, Netherlands, conducted the quarterly analysis of global data breaches.
Nigeria's Historical Data
Since 2004, Nigeria has been the third most breached country in Sub-Saharan Africa, with 24.1 million compromised user accounts. A total of 7.5 million unique email addresses have been compromised, and 13 million passwords have been leaked alongside Nigerian accounts. This puts 54% of breached users at risk of account takeover, which could lead to identity theft, extortion, or other cybercrimes.
Statistically, 10 out of every 100 Nigerians have been affected by data breaches. The scope of exposed information often includes highly sensitive personal data such as Social Security Numbers (3,900), financial data like payment card numbers (1,600), and contact information including phone numbers (1.9 million) and addresses (925,800).
Global Trends
Globally, the number of breached accounts tripled in Q1 2026 compared to the same period in 2025 and increased by 22% compared to the last quarter of 2025. An important trend noted is that in 2025, 20.2% of companies reported using artificial intelligence, up from 8.7% in 2023, meaning adoption has more than doubled over the past two years.
Expert Insights
According to Tomas Stamulis, Chief Security Officer at Surfshark, as companies rapidly adopt AI, they increase the amount of user data stored, expand the number of digital systems they use, and integrate more platforms to manage larger volumes of user data. With data breaches becoming a daily risk for companies, Stamulis expressed deep concerns about businesses forcing users to create accounts and provide personal information to complete an online purchase when there is no clear need for it.
He reminded people of the main habits of personal data hygiene in the age of AI: provide real data such as your primary email address, telephone number, home address, and other sensitive personal information only when there is a critical need, such as filling out official forms. In other cases, use an alternative identity or email masking services, and avoid providing your data unless necessary.
