Nigeria recorded 281,500 leaked accounts in the first quarter of 2026, ranking as the 34th most breached country globally.
This is according to a new report by cybersecurity firm Surfshark.
The company’s quarterly data breach analysis showed that 210.3 million accounts were breached globally between January and March 2026, with the United States accounting for 29% of all reported breaches during the period.
France ranked second globally, followed by India, Brazil, and the United Kingdom.
What the report is saying
According to the report, Nigeria has recorded 24.1 million compromised user accounts since 2004, making it the third most affected country in Sub-Saharan Africa.
Surfshark noted that 7.5 million unique email addresses linked to Nigerian users have been exposed over the years, while approximately 13 million passwords were leaked alongside Nigerian accounts.
The report stated that 54% of breached Nigerian users face heightened risks of account takeovers, identity theft, extortion, and other cyber-related crimes.
- “Statistically, 10 out of 100 Nigerian people have been affected by data breaches,” the report noted.
The analysis further revealed that leaked data linked to Nigerian users included highly sensitive information such as Social Security-related records, financial details, contact information, and residential addresses.
More insights
According to the report, about 3,900 Social Security-related records and 1,600 payment card details were exposed, alongside 1.9 million phone numbers and over 925,000 addresses.
Globally, breached accounts in Q1 2026 tripled compared to the same period in 2025 and rose by 22% when compared with the fourth quarter of 2025.
Commenting on the trend, Surfshark’s Chief Security Officer, Tomas Stamulis, linked the rising scale of data breaches to the rapid adoption of artificial intelligence tools by businesses.
- According to him, more companies are storing larger volumes of user data and integrating additional digital systems as AI adoption accelerates.
- The report cited industry data showing that 20.2% of companies used AI in 2025, up from 8.7% in 2023.
- “These AI-driven systems collect and log more detailed user information for automation, analytics, and model improvement,” Stamulis said.
He added that while AI improves operational efficiency, it also increases the number of systems companies must secure, creating more opportunities for cyberattacks and data exposure.
Stamulis warned that leaked personal information remains valuable to cybercriminals for years, even after users change compromised passwords or email addresses.
According to him, hackers often combine old and new leaks into “combo lists” that can be repeatedly sold or used for fraud and identity theft.
He advised users to provide sensitive personal information only when absolutely necessary, use alternative email identities or masking services where possible, and avoid sharing personal data unnecessarily online.
What you should know
Just last month, the Nigeria Data Protection Commission (NDPC) raised concerns over coordinated cyber threats targeting Nigeria’s financial systems and key digital infrastructure.
NDPC said its technical assessment revealed that “shadowy threat actors” have launched coordinated operations aimed at critical systems in the country.
The Commission had urged organisations handling personal data to urgently improve both technical and organisational safeguards to protect Nigerians and other data subjects from privacy breaches and cyber risks.
