In this blog, we’re walking you through the top 10 countries that data breaches originate from according to our research – from China to Indonesia – we cover them all, so have a read – we have some interesting stuff to share!

These days, data breaches are not news to anybody. Data breaches are happening left, right, and center, and according to the research made by Norton in September of 2022, they’re the reason that hundreds of thousands – as many as 800,000 people – are getting hacked every year. As data breaches continue to happen, many wonder – just where exactly do they originate from?

Exploring the World in Data Breaches

According to the map provided by Varonis which tracks data breaches since 2013, the countries with the most amount of stolen records derived from data breaches are as follows:

1. United States leads the list with more than 6 billion (6,219,819,956) stolen records.
2. India is right behind the US with 394,307,531 stolen records.
3. China is catching up with 350,752,955 stolen records.
4. South Korea has 228,726,843 records stolen from their services.
5. The UK is a little better – it has “barely” 140,139,193 records.
6. Turkey is slightly behind with 132,312,866 stolen records.
7. Japan is right behind Turkey with 114,769,575 records.
8. South Africa has 106,654,166 lost or stolen records.
9. France is catching up with slightly more than 100 million records – according to Varonis, the exact number is just over 100 million with 100,099,535 records lost or stolen.

But that doesn’t answer the question where do data breaches originate from. Is it the US? Perhaps the country is Russia as the country is touted for its cyber warfare capabilities. Or perhaps it’s China? Well, the answer is not that straightforward. You see, the majority of attackers don’t steal data from apps and websites using their real IP addresses – they use VPN services renowned for their ability to change the IP addresses of their users to the IP originating from another country which means that tracking the crime is relatively hard: add an additional investigation cost, and tracking down the perpetrator gets even harder. However, technological capabilities are not everywhere the same – by knowing the country where the data breach originated from (for example, by contacting the VPN vendor and asking for the logs), law enforcement agencies can easily track down the perpetrator. With that, we come to the top 10 countries where data breaches originate from. Most of these are based on our own research looking at data breaches, looking at investigation documents, and sources, and these are as follows:

Rank	Country	Details
#1	China	It may be a surprise to some, but the first country “obsessed” with data breaches isn’t the US or even Russia. It’s China – and it’s easy to understand why. First off, the country is amongst the biggest countries in the world, and according to Booz Allen, China is capable of cyber espionage, influence operations, as well as cyber-attacks and data breaches that cause massive amounts of destruction and damage.
#2	United States	It shouldn’t come as a surprise that the first country in the list below China is the US. People and companies from the United States are amongst the biggest victims and perpetrators of cyber attacks as well – and considering the size of the country, the internet-enabled capabilities of those living there, and the amount of money the country is investing in cyber security every year (according to Statista, the US has the highest cybersecurity index (GCI) scores in the legal, technical, organizational, cooperation, and capacity-building aspects in cyber security too), it shouldn’t be surprising at all.
#3	Brazil	According to multiple sources, Brazil is advancing in the cybersecurity ranking every year: however, that doesn’t stop the country from ranking at the top of global cyber-crime rankings in regards to financial fraud and botnets.
#4	India	Judging by the strength of India’s financial, technological, financial, intelligence and security capabilities, the country is frequently positioned amongst the so-called “third-world countries” as far as cyber warfare is concerned, however, that doesn’t mean that no cyber attacks originate from India. According to our research, approximately 4-5% of cyber attacks in 2021 alone originated from India. Surprising, isn’t it? The possibility of the majority of attacks being VPN-based isn’t excluded, though.
#5	Germany	According to CFR, Germany as a country has approximately 14,000 soldiers and IT personnel as part of its cyber command – however, Deutche Welle says that the cyber security of both public institutions and private companies is lacking. Germany is somewhere in the middle of the cyber attack realm with approximately 5% attacks originating from the country in 2021 – it may be because attackers are using german VPNs or for other reasons. Part of the reason why might be because law enforcement in germany doesn’t really have the means or the necessary experience to fend off cyberattacks.
#6	Vietnam	Vietnam seems like an unlikely candidate for cyber attacks to originate from, but according to numerous sources, around 4% of data breaches in 2021 originated from the country. It may as well have been caused by the fact that attackers are more and more inclined to use Vietnamese IP addresses, or for other reasons.
#7	Thailand	Another unlikely candidate in the list is, of course, Thailand. Who would’ve thought that the country would even be in the list? Yet, according to our research, approximately 2.5% of cyber attacks originate from Thailand.
#8	Russia	We bet that Russia is the one country you would’ve expected to see at the top of the list, but that’s not the case. In 2021, Russian cybercriminals have allegedly caused only slightly more than 2% of the global cyberthreats. Surprising, isn’t it?
#9	Indonesia	A country amongst the last in the list is Indonesia – the attacks that have originated from Indonesia allegedly caused approximately 2.3 to 2.4% of global cyberattacks.
#10	The Netherlands	Cyberattacks originating from the Netherlands have been the cause of approximately 2.2% of global cyberattacks.

Data Breach Search Engines

You might be surprised by the fact that in some cases, unethical data breach search engines (not BreachDirectory!) help cyber criminals to complete their tasks too. Unethical data breach search engines don’t last long – however, they can do a lot of harm. You see, instead of simply providing people with the information regarding their cybersecurity stance, such data breach search engines provide everyone with all of the details concerning an account – search for an email or a username and you will be provided with the IP address, password, geographical locations, possibly credit, debit cards, and other details concerning the specific user. Doesn’t sound good, does it? That’s the primary reason why such data breach search engines are very far from legal in the first place – and they get taken down shortly after they gain some publicity as well.

We can tell you this, though – the data breach search engine provided by BreachDirectory and the BreachDirectory API is used by prominent universities as well as companies furthering their cyber security stance, also individuals, so if you make good use of it, be certain – your company and you will much less likely be a target for cybercrooks and script kiddies alike. Are you surprised by some of the countries on this list? We certainly are! If some of the information provided in this blog surprised you, make sure to follow our blog for more updates in the future, and until next time!