Surfshark: Nigeria Hit By 24.1m Data Breaches Amid Rising Cyberattacks

Nigeria Ranks Third in Sub-Saharan Africa for Compromised Accounts, Surfshark Report Reveals

Nigeria has recorded 24.1 million compromised user accounts since 2004, making it the third most affected country in Sub-Saharan Africa, according to a recent report by cybersecurity firm Surfshark. The analysis, covering global data breach trends for Q1 2026, found that Nigeria experienced 281,500 leaked accounts between January and March 2026, ranking it 34th globally during that period.

Globally, 210.3 million accounts were breached in Q1 2026 a sharp increase from previous quarters. The United States led with 29% of all reported breaches, followed by France, India, Brazil, and the UK. Nigerian users faced escalating risks, including identity theft, account hijacking, extortion, and financial fraud, with 7.5 million unique email addresses and 13 million passwords exposed since 2004.

The report highlighted that over half of breached Nigerian users remain vulnerable, with 10% of the population affected by data leaks. Compromised data included highly sensitive information, such as:

• 3,900 Social Security-related records
• 1,600 payment card details
• 1.9 million phone numbers
• 925,000 residential addresses

Surfshark attributed the surge in breaches to the rapid adoption of AI technologies, which has expanded the volume of user data collected and stored. 20.2% of companies used AI in 2025 up from 8.7% in 2023 increasing attack surfaces for cybercriminals. The firm’s Chief Security Officer, Tomas Stamulis, warned that AI-driven systems, while boosting efficiency, also create new vulnerabilities, as hackers exploit combo lists datasets combining old and new leaks for fraud and identity theft.

The report further noted that global breaches in Q1 2026 tripled year-over-year and rose 22% from Q4 2025, underscoring the growing sophistication of cyberattacks.

Source: https://thewhistler.ng/nigeria-hit-by-24-1m-data-breaches-amid-rising-cyberattacks/

Surfshark cybersecurity rating report: https://www.rankiteo.com/company/surfshark

"id": "SUR1778164255",
"linkid": "surfshark",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '24.1 million accounts since '
                                              '2004',
                        'location': 'Nigeria',
                        'name': 'Nigerian users',
                        'size': '10% of the population affected',
                        'type': 'Population'}],
 'data_breach': {'number_of_records_exposed': '24.1 million accounts since '
                                              '2004, 281,500 in Q1 2026',
                 'personally_identifiable_information': ['Social '
                                                         'Security-related '
                                                         'records',
                                                         'Payment card details',
                                                         'Phone numbers',
                                                         'Residential '
                                                         'addresses',
                                                         'Email addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security-related records',
                                              'Payment card details',
                                              'Phone numbers',
                                              'Residential addresses',
                                              'Email addresses',
                                              'Passwords']},
 'date_detected': '2026-03-31',
 'date_publicly_disclosed': '2026-01-01',
 'description': 'Nigeria has recorded 24.1 million compromised user accounts '
                'since 2004, making it the third most affected country in '
                'Sub-Saharan Africa, according to a recent report by '
                'cybersecurity firm Surfshark. The analysis found that Nigeria '
                'experienced 281,500 leaked accounts between January and March '
                '2026, ranking it 34th globally during that period. '
                'Compromised data included highly sensitive information such '
                'as Social Security-related records, payment card details, '
                'phone numbers, and residential addresses.',
 'impact': {'data_compromised': '24.1 million accounts since 2004, 281,500 in '
                                'Q1 2026',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'lessons_learned': 'AI-driven systems, while boosting efficiency, also create '
                    'new vulnerabilities, as hackers exploit combo lists for '
                    'fraud and identity theft.',
 'motivation': ['Identity theft',
                'Account hijacking',
                'Extortion',
                'Financial fraud'],
 'post_incident_analysis': {'root_causes': 'Rapid adoption of AI technologies, '
                                           'expanded attack surfaces, and '
                                           'exploitation of combo lists'},
 'references': [{'date_accessed': '2026-03-31', 'source': 'Surfshark Report'}],
 'title': 'Nigeria Ranks Third in Sub-Saharan Africa for Compromised Accounts',
 'type': 'Data Breach',
 'vulnerability_exploited': 'AI-driven systems and expanded attack surfaces'}