From airlines to telecoms, no industry has been spared in 2025's relentless wave of data breaches. Launching its Data Breach Observatory, a new platform for tracking cybercrime activity across the dark web, the VPN provider revealed that hackers have leaked over 300 million private records across 794 breaches in 2025 alone. These personal records included passwords, home addresses, and even sensitive medical information.
Our experts report that cyber criminals have grown increasingly organised and opportunistic, exploiting unpatches systems, weak authentication, and unsecured cloud environments. The dark web has become a bustling marketplace for stolen data - and for many victims, the breach often goes unnoticed until it's too late.
Among the largest "mega-exposures" of 2025 were the breaches at Qantas Airlines (11.8 million records) and Indian ed-tech firm SkilloVilla (33 million records). Closer to home, several European telecom providers, including Orange Romania and Free (France), collectively lost more than 30 million customer records to hackers.
Even some IT companies - often seen as tech-savvy and well-defended - have been hit hard. A Singapore-based firm alone leaked over 10 million user records this year, highlighting the widening global attack surface.
"The size of these breaches is staggering, but what's even more concerning is how accessible this stolen data has become," said one of our Cyber Security experts. "Once credentials are leaked, they're often bundled, sold, and reused across multiple attacks. For SMEs, that means one breach elsewhere can quickly become your problem."
The data tells a worrying story. While large enterprises grab the headlines, it's small and medium-sized businesses that make up the majority of the victims - accounting for more than 70% of known breaches in 2025.
Why? Limited security budgets, legacy systems, and a lack of continuous monitoring make SMEs far easier to compromise. Attackers know that even one exposed password can open the door to business email compromise (BEC), ransomware, and data theft.
"We're seeing a clear shift towards automation is attacks," explain one of our Cyber Security experts. "Hackers are using AI-driven tools to scan the internet for vulnerable businesses - and once they find a way in, they move fast. This isn't targeted crime anymore; it's industrial-scale."
Analysts found that in nearly half of all recorded breaches this year, passwords were directly exposed. In over a third, sensitive data such as government IDs, medical information, or financial records were included.
Names and emails were leaked in virtually even incident, enabling phishing and identity theft at scale. With 72% of breaches exposing numbers and home addresses, many businesses now face social engineering risks that extend well beyond the IT department.
The message from Apex's Cyber Team is clear: you can't protect what you can't see.
"Dark web monitoring isn't just for big corporations anymore. Even smaller firms can proactively track whether their credentials or client data have appeared online - and take action before criminals do. Awareness is half of the battle. The other half is discipline - using multi-factor authentication, patching regularly, and making cyber security part of everyday business culture."
As Greater Manchester's trusted Managed Service Provider (MSP), Apex is helping local businesses take control of their security - from implementing robust defences to offering free Cyber Health Checks that uncover unseen risks.