The personal data of Americans continues to be under threat from cybercriminals looking to steal it for their own financial gain, according to a new report from the Identity Theft Resource Center.
The nonprofit group, which focuses on helping victims of identity theft, said Wednesday that 1,732 data compromises were reported for the first six months of this year, resulting in 165.7 million victim notifications.
The number of reported compromises represents an 11% increase from the same period in 2024, when there were 1,567 reported compromises. Of the most recent total, 1,348 stemmed from data breaches resulting from cyberattacks, far outpacing other causes like phishing attacks, ransomware and computer viruses.
The ITRC says the numbers don’t include previously compromised data such as logins and passwords that were repackaged and then posted online for sharing or sale during the period. It notes that these don’t constitute a new threat against companies or consumers, just a continuation of one that already existed.
James Lee, the group’s president, said in a statement that that’s still a «serious risk» for businesses because much of the data is logins and passwords. «But it also means individuals need to take steps to protect themselves from identity fraud and scams.»
The total for the first half of this year also represented 59% of the 3,155 compromises reported for all of 2024, but the number of people potentially affected represented just 12% of the year-ago total. The ITRC says that while breaches have continued, there haven’t been the same kinds of mega-breaches affecting hundreds of millions of people that there were last year, resulting in the drop.
The financial services and healthcare industries, known for their vast repositories of personal and financial consumer data, continued to be the most targeted sectors in the first half of 2025, accounting for 387 and 283 compromises, respectively.
That might seem daunting, given that there’s not a whole lot consumers can do if their personal data is exposed in one of these corporate data breaches, but there are a few things you can do to mitigate the damage if you do get caught up.
Here are a few tips from CNET and the ITRC.
How to protect your data
Set great passwords and always use MFA. All of your passwords should be long, complex and unique. Need help? Try a password manager or look into setting up passkeys. Don’t be tempted to recycle old passwords, even if they’re great. And if one of your passwords is compromised in a breach, change it right away. It should also go without saying that enabling multifactor authentication is a must whenever it’s available. It’ll help protect you in the event that your password is compromised.
Be on the lookout for phishing. Data breaches that expose your email and other personal details give cybercriminals the material they need to craft successful scam texts, emails, social media messages and even phone calls. And now they have artificial intelligence tools to make them all the more convincing. Be skeptical of any kind of unsolicited communications and don’t hand over any personal information or money to people or companies you haven’t vetted to be legitimate.
Keep an eye on your financial accounts. If you know your personal information has been compromised, keep a close eye on your bank accounts and credit card statements. Set up account alerts to inform you right away if a major transaction takes place.
Freeze your credit. If you’re worried you might be at risk of identity theft or fraud, freeze your credit with all the major credit bureaus. It’s not as big a pain as you might think. That way, cybercriminals won’t be able to use your personal information to do things like get a credit card or take out a loan.