SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

HR & financial data most exposed in major cyber breaches

Thu, 24th Jul 2025

Lab 1, a UK-based data intelligence firm, has released a comprehensive content-level analysis of leaked data from 1,297 breach incidents, shedding new light on the specific types of sensitive information organisations are exposing through cyberattacks.

The "Anatomy of a Breach 2025" report analysed 141 million breached files that have entered the public domain, marking the largest study of its kind to date. The research found that human resources (HR) and financial records are present in the overwhelming majority of breaches, with potentially grave consequences for organisations and individuals alike.

Extensive HR and financial exposure

According to the report, HR documents such as payroll data, national identification numbers, and health records were exposed in 82% of breaches. Financial documents, including bank statements, appeared in 93% of incidents and accounted for 41% of all exposed files.

Bank statements, which can serve as a basis for identity fraud, were present in 49% of breach cases. Additionally, IBANs - used for mandate scams and payment redirection - were included in 36% of breached datasets.

Lab 1 found that internal emails were leaked in 86% of cases, while US Social Security Numbers appeared in half of all breaches. The report singles out the world's largest financial institutions, noting that the top five global banks were implicated in more than 380 separate breaches, with a single institution appearing in 621 exposure events.

The study also reveals that customer and corporate personally identifiable information (PII) are being exposed at consistently high rates, with HR data found in 82% of breaches and customer care information present in 67% of incidents.

Regulatory and fraud risks

Exposure of PII raises the risk of targeted phishing attempts, identity theft, and violations of data protection regulations such as GDPR in Europe or the US Federal Trade Commission (FTC) Act. Organisations that suffer such breaches could face fines, litigation, and reputational damage stemming from lost customer trust.

Emails, the most prevalent category of sensitive information leaked, have been a particular target for cybercriminals due to the opportunity for phishing, impersonation, and synthetic identity creation.

Unstructured data and new avenues of attack

The research examined not just structured data but also unstructured files, such as PDFs, emails, spreadsheets, and source code files, which often contain overlooked but valuable information. Code files were exposed in 87% of analysed incidents, representing 17% of all leaked files. This raises risks to the software supply chain by undermining the integrity of software materials and increasing vulnerability to cyberattacks.

Cryptographic keys - enabling attackers to bypass authentication and access secure systems - were uncovered in 18% of incidents. Cloud infrastructure data, such as AWS S3 paths and virtual hosts, were found in 20% and 23% of breaches respectively, facilitating potential data exfiltration or identification of unsecured storage endpoints.

Breach blast radius expanding

Lab 1's analysis identifies a marked increase in what it terms the "attack blast radius". The median number of organisations exposed through an individual breach has risen by 61% in three years, from 257 in 2022 to more than 414 by 2025. This metric underscores the widespread cascading impact of single breach events across business ecosystems, often affecting entities with indirect or "nth-party" relationships to the initially breached company.

"Rather than focus on mega data dumps of structured and primarily credential-based information, we've focused on the huge risks associated with unstructured files that often hold high-value information, such as cryptographic keys, customer account data, or sensitive commercial contracts. With cybercriminals now behaving like data scientists to unearth these valuable insights to fuel cyberattacks and fraud, unstructured data cannot be ignored. We've refined a scientific approach to analyzing unstructured breach contents and today share our findings, which underline the need to move towards a content-aware approach to breach analysis. Ultimately, organizations must understand what information has been leaked, how it can be used, and who might be affected. And faster than it can be used against them," Robin Brattel, Co-founder and CEO of Lab 1, said.

The "Anatomy of a Breach 2025" report is based on a dataset containing over 141 million individual file records, reconstructed from public domain sources and forensic analysis of compromised systems.