Review of global data breaches showed that Nigeria ranked as the 34th most breached country in Q1 2026, with 281,500 leaked accounts.
Globally, a total of 210.3 million accounts were breached, with the U.S. ranking first and accounting for 29 per cent of all breaches from January through March. France takes second place, while India is third, followed by Brazil and the United Kingdom.
These revelations emerged from Surfshark’s quarterly analysis of global data breaches. Surfshark is a cybersecurity company based in Amsterdam, the Netherlands.
It revealed that since 2004, Nigeria has been the third in Sub-Saharan Africa, with 24.1 million compromised user accounts. A total of 7.5 million unique email addresses were compromised in Nigeria. Thirteen million passwords were leaked alongside Nigerian accounts, putting 54 per cent of breached users at risk of account takeover that could lead to identity theft, extortion, or other cybercrimes. Statistically, 10 out of 100 Nigerian people have been affected by data breaches.
The scope of exposed information often extended to highly sensitive personal data, such as Social Security Numbers (3.9k), financial data, e.g., payment card numbers (1.6k), and contact information, such as phone numbers (1.9 million) and addresses (925.8k).
Globally, the number of breached accounts tripled in Q1 2026 compared to the same period in 2025 and increased by 22 per cent compared to the last quarter of 2025.
An important fact is that, in 2025, 20.2 per cent of companies reported using AI, up from 8.7 per cent in 2023 — meaning adoption has more than doubled over the past two years
According to the Chief Security Officer at Surfshark, Tomas Stamulis, as companies rapidly adopt AI, they increase the amount of user data stored, expand the number of digital systems they use, and integrate more platforms to manage larger volumes of user data.
With data breaches becoming a daily risk for companies, Stamulis shared his deepest concerns about businesses forcing users to create accounts and provide personal information to complete an online purchase when there is no clear need for it.
He reminded people of the main habits of personal data hygiene in the age of AI: Provide your real data, such as your primary email address, telephone number, home address, and other sensitive personal information, only when there is a critical need, such as filling out official forms.
In other cases, use an alternative identity or email masking services, and avoid providing your data unless necessary.
