Identity Theft Trade Group Says Financial Services ‘Most Breached Industry’

By  |  July 16, 2025
 | 

The number of data breaches in the United States is on track to reach a record high in 2025, with financial services being the “most breached industry,” according to the Identity Theft Resource Center (ITRC).

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    Overall, there were 1,732 publicly reported data breaches in the first half of the year, the ITRC said in a Wednesday (July 16) press release. That’s 10% more than the 1,571 data compromises that were seen during the same period in 2024.

    The financial services and healthcare industries were the most targeted sectors. Financial services suffered 387 data breaches, slightly fewer than during the first half of 2024, while healthcare was the victim of 238 data breaches, which was an increase, according to the release.

    The ITRC said in January, when releasing its data breach report for the full year 2024, that the financial services sector overtook healthcare as the “most breached industry” during that year. Healthcare was the industry suffering the most data breaches from 2018 through 2023.

    Despite the increase in the total number of data breaches in the first half of 2025, the number of victim notices issued during that period (165,745,452) amounted to only 12% of the number issued in the first six months of 2024, per the Wednesday press release.

    The ITRC attributed the drop to there being fewer “mega breaches” this year than there were in 2024. In its January press release, the organization said a mega breach results in at least 100 million breach notices being issued.

    PYMNTS reported in May 2024 that 2024 was “already the year of the cyberattack.”

    The primary cause of data breaches in which personal information was stolen in the first half of 2025 was cyberattacks, according to the ITRC’s Wednesday press release. So far this year, cyberattacks accounted for 1,348 of the reported incidents and 114,582,621 of the victim notices.

    A growing number of data breach notices do not have information about the root cause of the attack. That has been a trend for the past five years, and during the first half, the share of breach notices in which that is the case reached 69%, up from 65% a year earlier, per the release.

    “Through the first half of the year, we’ve seen a continuation, and in some cases, acceleration of the trends from 2024,” ITRC President James E. Lee said in the release. “Some of these trends are troubling — like the lack of transparency surrounding what caused more than two-thirds of compromises.”


    Recommended

    Fifth Third: FinTech Platforms Drive Loan Growth Despite ‘Tepid’ Environment

    U.S. Bancorp, earnings

    U.S. Bancorp’s Platform-Based Reinvention Means Moving From Branches to Back End

    Rokt logo

    Rokt Acquires Canal to Bolster eCommerce Offering

    Crypto Thefts Surpass 2024 Numbers Thanks to ByBit Hack

    See More In: , , , , , ,