Cyberattacks: Nigeria Records 281,500 Breached Accounts in Q1 2026 – Report
Nigeria recorded 281,500 leaked accounts in the first quarter of 2026, ranking 34th among the world’s most breached countries, according to a new report released by cybersecurity company Surfshark.
The firm’s latest quarterly data breach analysis revealed that 210.3 million accounts were compromised globally between January and March 2026, with the United States responsible for 29 per cent of all reported breaches during the period.
France emerged as the second most affected country worldwide, followed by India, Brazil, and the United Kingdom.
According to the report, Nigeria has recorded 24.1 million compromised accounts since 2004, making it the third most impacted country in Sub-Saharan Africa.
Surfshark disclosed that 7.5 million unique email addresses linked to Nigerian users have been exposed over the years, while nearly 13 million passwords were leaked alongside Nigerian accounts.
The report warned that about 54 per cent of affected Nigerian users are vulnerable to account hijacking, identity theft, extortion, and other cyber-related crimes.
“Statistically, 10 out of 100 Nigerian people have been affected by data breaches,” the report stated.
The analysis further showed that leaked information tied to Nigerian users included highly sensitive personal data such as Social Security-related records, financial information, contact details, and residential addresses.
According to the findings, approximately 3,900 Social Security-related records and 1,600 payment card details were exposed, alongside 1.9 million phone numbers and more than 925,000 residential addresses.
Globally, the number of breached accounts in Q1 2026 tripled compared to the same period in 2025 and increased by 22 per cent relative to the fourth quarter of 2025.
Commenting on the rising trend, Surfshark’s Chief Security Officer, Tomas Stamulis, attributed the surge in data breaches to the growing adoption of artificial intelligence technologies by businesses.
He explained that more organisations are storing larger volumes of user data and integrating additional digital systems as AI adoption accelerates.
The report cited industry figures showing that 20.2 per cent of companies used AI in 2025, up significantly from 8.7 per cent in 2023.
“These AI-driven systems collect and log more detailed user information for automation, analytics, and model improvement,” Stamulis said.
He noted that while AI enhances operational efficiency, it also expands the number of systems companies must secure, thereby increasing exposure to cyber attacks and data leaks.
Stamulis further warned that stolen personal information can remain valuable to cybercriminals for years, even after users change compromised passwords or email addresses.
According to him, hackers often merge old and new data leaks into so-called “combo lists,” which are repeatedly sold or used for fraud and identity theft schemes.
He advised internet users to share sensitive personal information only when absolutely necessary, use alternative email identities or masking services where possible, and avoid oversharing personal data online.
Last month, the Nigeria Data Protection Commission raised concerns over coordinated cyber threats targeting Nigeria’s financial systems and critical digital infrastructure.
The commission said its technical assessment uncovered coordinated operations by “shadowy threat actors” targeting key national systems.
It subsequently urged organisations handling personal data to strengthen both technical and organisational safeguards in order to protect Nigerians and other data subjects from privacy breaches and cyber risks.
