Proton has introduced the Data Breach Observatory, a new initiative that leverages dark web intelligence to surface cyberattacks and breaches that often go unreported.
Unlike conventional breach reports that depend on voluntary disclosures, the newly launched platform draws directly from threat actor communities to provide near real-time visibility into the scope of global data leaks.
Traditional reporting is often skewed by companies’ reluctance to disclose breaches, driven by fear of reputational damage or regulatory scrutiny. Proton’s approach is built on tracking data as it circulates within cybercriminal markets, bringing public attention to incidents that may otherwise remain hidden.
The project’s initial dataset is derived from monitoring conducted throughout 2025, revealing 794 distinct breach incidents tied to specific organizations. These exposures compromised over 300 million individual records. Proton’s researchers excluded bulk breach compilations to maintain clarity and accuracy, although when those are included, the total number of incidents rises to over 1,570, with hundreds of billions of records implicated.
The data for the Observatory is sourced and validated in partnership with Constella Intelligence, a digital risk protection firm that performs verification before any breach is published. In cases where verification is challenging, like when breached organizations are uncooperative, Proton applies responsible disclosure protocols. This includes confidentially notifying affected entities and working with them to verify the breach before releasing any public information. Hence, the Observatory will not be republishing unverifiable claims directly from dark web actors.
Proton, known for its suite of privacy-first services such as Proton Mail, Proton VPN, and Proton Pass, positions the Observatory as an educational and defensive resource. The aim is not only to raise awareness but also to provide affected organizations with an early alert mechanism, potentially identifying breaches before they become public knowledge or lead to larger compromises.
Observatory's 2025 stats
The 2025 data reveal that small and medium-sized businesses (SMBs) are disproportionately affected. Companies with fewer than 250 employees accounted for nearly 71% of all verified breaches. Retail and wholesale sectors were the most frequently targeted industries (25.4%), followed by technology firms (15%) and media or entertainment companies (11%). These figures point to systemic vulnerabilities in sectors with high data volumes and often limited defensive resources.
From a data perspective, the most commonly leaked information includes:
- Email addresses – exposed in 100% of observed cases
- Full names – present in 90% of breaches
- Contact details – such as phone numbers or physical addresses (72%)
- Passwords – often in plaintext or weakly hashed (49%)
- Sensitive data – including health or government ID information (34%)
The dark web remains a key distribution point for these records, where cybercriminals buy, sell, or exchange personal and corporate information. Proton’s Observatory is designed to shine a light on this hidden economy and give consumers and businesses a clearer view of the threats they face.
Eamonn Maguire, Proton’s Director of Engineering for AI & ML, believes the Observatory will help people stay safe in cases of data exposure. “If your credentials are compromised, receiving timely alerts is essential to secure your accounts, prevent identity theft, and minimize financial losses,” he said.
Proton’s Data Breach Observatory will be continuously updated as new breaches are verified, serving as a public resource for journalists, researchers, businesses, and individuals alike. The system will also be integrated into privacy tools such as Proton Pass, which includes credential monitoring and email aliasing, giving users rapid alerts when response to incidents is required.
Leave a Reply