Disclosure: TheBestVPN is reader-supported. When you buy a VPN through links on our site, we may earn commissions. Learn more.

How Many Data Breach Cases Hit The U.S. Each Year?

How Many Data Breach Cases Hit The U.S. Each Year?

 

Key Takeaways

  • 17,770 data breach cases reported to FBI IC3 from 2020-2025
  • 2025 hit a new six-year high at 3,963 complaints – surpassing the previous peak of 3,727 in 2023
  • 54% drop in 2021 followed by volatile swings each year after

The Story Behind the Numbers

From 2020 to 2025, Americans filed 17,770 “Data Breach” complaints with the FBI’s Internet Crime Complaint Center (IC3), averaging about 2,962 a year. The pattern is uneven: 2021 fell sharply from 2020 (1,287 vs 2,794), 2022 rebounded to 2,795, 2023 peaked at 3,727, 2024 eased to 3,204 – and 2025 climbed to a new six-year high of 3,963. These counts represent breach incidents reported to IC3 and do not capture every cyber attack in the United States, but they provide a consistent, nationwide signal of breach activity across six years. A separate metric – breach victim notices – captures scale of exposure, with 278.8 million notices issued in 2025 (about 763,912 per day, or 530+ per minute). Read as a whole, the series shows that breach frequency can swing widely year to year, even while overall reporting volume across the period stays high.

Why This Data is Important

IC3 complaints are one of the few public, nationwide signals showing how often people and organizations face confirmed data exposure. Year-to-year swings often reflect shifts in attacker focus, disclosure rules, and reporting practices, and a significant share of breaches still start with basic human error. A lower count can still coincide with severe cases if a small number of breaches expose rich datasets. Even a breach involving 10,000 customer records can add up to around $1.6 million in costs, so “fewer incidents” doesn’t always mean “less damage”. Those leaked datasets often get reused for identity theft, account takeovers, and targeted phishing.

Interpreting these trends benefits from context on how internet traffic is handled and logged – what a VPN changes in transit and how IP address visibility shapes what can be linked back to a person or device. Performance also affects real-world adoption and measurement baselines, so understanding practical speed considerations helps frame what’s realistic on everyday networks. Taken together, the metrics emphasize exposure rather than headlines; against that backdrop, the practical move is to shrink what attackers can see and reuse by using strong authentication, limiting data reuse, and reducing tracking. A VPN won’t stop a database hack, but it does help hide your IP and cut profiling while you browse.

Looking Ahead: Future Outlook

Volatility will likely continue – and 2025’s new peak suggests the upward pressure isn’t easing. Complaint totals may shift with reporting habits, law enforcement focus, and disclosure rules, while the market value of stolen data keeps financial losses high even in quieter years. And since many organizations allocate only about 0.69% of revenue to cybersecurity, the safest assumption is that prevention habits matter more than trying to predict the next swing.

Focus on durable defenses: multi-factor authentication, password managers, minimal data sharing, patching, and network hygiene. If you stream, game, or travel, it’s important to hide your IP to reduce surface area.

Source & Methodology

Figures are taken from the FBI IC3 annual reports, using the “Data Breach” complaint category and associated annual losses for 2020-2025. We summed complaints (17,770) and calculated year-over-year percentage changes from the raw annual values.