Nigeria recorded 281,500 compromised user accounts in the first quarter of 2026, ranking 34th globally in data breaches, as cyber risks intensify alongside the rapid adoption of artificial intelligence by businesses worldwide.
The latest quarterly analysis by Surfshark shows that while Nigeria remains outside the top tier of most breached countries, the scale and nature of exposures highlight growing systemic vulnerabilities in Africa’s largest digital economy.
Globally, more than 210.3 million accounts were breached between January and March, nearly triple the level recorded in the same period of 2025 and up 22 percent from the previous quarter. The United States accounted for 29 percent of all breaches, followed by France and India, with Brazil and the United Kingdom completing the top five.
Although Nigeria’s quarterly figures appear modest in comparison, the long-term trend tells a more concerning story. Since 2004, the country ranks third in Sub-Saharan Africa with 24.1 million compromised user accounts. Of these, 7.5 million unique email addresses have been exposed, alongside 13 million leaked passwords.
This leaves more than half (about 54%) of affected users at heightened risk of account takeover, identity theft, extortion, and other forms of cybercrime. In practical terms, an estimated 10 out of every 100 Nigerians have been impacted by data breaches.
The scope of compromised information underscores the severity of the threat. Beyond login credentials, breaches have exposed sensitive personal data including phone numbers (1.9 million), home addresses (925,800), financial details such as payment card numbers (1,600), and even government-linked identifiers like Social Security numbers.
The rise in global data breaches is unfolding in parallel with the accelerated adoption of artificial intelligence across industries. In 2025, 20.2 percent of companies reported using AI, more than double the 8.7 percent recorded in 2023, raising critical questions about whether the two trends are interconnected.
According to Tomas Stamulis, chief security officer at Surfshark, the correlation is difficult to ignore.
“These AI-driven systems also collect and log more detailed user information for automation, analytics, and model improvement. While this improves the company’s efficiency, it also means there are many more systems for businesses to secure, more opportunities for error, and more points where sensitive information such as user credentials and personal data can be exposed. As a result, hackers now have a larger and more complex environment to exploit and execute attacks, including data breaches,” he explained.
Analysts note that as companies digitise operations and integrate AI tools, they inevitably expand their data footprint, creating more entry points for cyberattacks and increasing the complexity of securing digital infrastructure.
For individuals, the implications of a data breach extend far beyond immediate exposure. Once leaked, personal information can circulate indefinitely across underground markets.
“For people, a data leak means their personal information is forever on the internet. It’s not a one-time threat that disappears after a user changes their compromised email address and password. It becomes a constant security risk as hackers reuse leaked data, package it into ‘combo lists,’ combine it with new leaks, and resell it repeatedly. So even after 10 or 20 years, leaked data is still valuable and can be used against a user to commit fraud, gain access to more data, and steal money,” Stamulis warned.
The cybersecurity expert also raised concerns about unnecessary data collection practices by businesses, particularly the requirement for users to create accounts and submit personal information for routine transactions.
As cyber threats evolve, experts are urging both organisations and individuals to adopt stricter data protection practices. Businesses are being advised to minimise data collection, strengthen system security, and reassess how AI tools are integrated into their operations.
