By using website you agree to our use of cookies as described in our cookie policy. Learn More


Study: U.S. Companies Lead in Leaked Client Data

U.S. companies are behind 24% of worldwide data breaches exposing consumer data.

Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.

Businesses in the United States have leaked consumers’ data more than any other country, according to the latest research by NordPass. Since late 2019, almost 2,300 companies in the U.S. have suffered data breaches during which various consumer data (e.g., email addresses, passwords, and usernames) was leaked. This number makes up nearly a quarter of all such incidents worldwide.

To conduct this study, NordPass partnered with independent third-party researchers who investigated companies in the U.S. and other countries in terms of their industry, size, and type (i.e., private, nonprofit) to determine which are failing to secure consumers’ data the most.

EU Companies Doing Better

Of around 10,000 companies worldwide that are responsible for exposing clients’ data to hackers, almost a quarter are based in the U.S. In total, they have generated over $400 billion in revenue and have approximately 1.3 million employees.

With U.S. companies leading the list, India and the United Kingdom follow with roughly 750 and 600 businesses respectively. Among the countries in the European Union (EU), Germany and France have experienced the most cyber incidents that led to customers’ data leaks. However, the total numbers of victim companies there are lower.

According to Tomas Smalakys, the CTO of NordPass, these results could be associated with the General Data Protection Regulation (GDPR), which obliges companies in the EU, Liechtenstein, Norway, and Iceland to handle clients’ data more responsibly.

Tech Companies Not So Techie

Researchers found that entertainment companies in the U.S. are the worst at securing clients’ data. Although one would assume otherwise, technology companies are not much better, with this industry having experienced a similar number of cybersecurity incidents that revealed clients’ data.

Firms operating in retail, business services, and education are also responsible for a significant portion of consumers’ data leaks in the U.S.

Private Companies are Top Target

In terms of organization type, private businesses in the U.S. were of most interest to hackers. Based on the study, they make up 70% of organizations that had their clients’ data stolen. Less often, cybercriminals have also targeted public companies (5%), nonprofits (5%), solopreneur businesses (2%), and other types of organizations.

Researchers have also concluded that smaller companies are more likely to experience a data breach and lose clients’ data as a result. In the U.S., companies with up to 50 employees had their clients’ data compromised the most.

How to Secure Client Data

Despite intensifying cyber risks, many businesses -- especially smaller ones -- lack awareness of why and how they should secure clients’ data.

Setting up a cyber resilience plan and organizing employee training could be a good start, says Smalakys. Additionally, companies should consider network security solutions, such as business VPNs, that restrict unauthorized access to computing systems. They have proved to be an effective solution against malware and other malicious attacks.

Password management is another field to improve, says Smalakys. Although many cybersecurity incidents happen simply due to compromised credentials, even the world’s biggest companies do not abandon poor password management practices, reveals an earlier study by NordPass. Up to 32% of their passwords contain a direct reference to the company, which is a gift to hackers.

To address this issue, Smalakys recommends adopting password managers, which allow people within the organization to store, manage, and share passkeys in an end-to-end encrypted space. In addition, companies can try out passkeys, a new alternative method of online authentication currently considered the most secure alternative to passwords. Progressive companies, such as Google, Microsoft, Apple, PayPal, and KAYAK, already allow account access with passkeys.

Methodology: The study was conducted in partnership with independent researchers specializing in research of cybersecurity incidents. They looked for databases leaked from various organizations and analyzed them based on various criteria, such as country, industry, business type, size of the company, and data items’ type. The research represents the breaches that happened between December 2019 and July 2023.

For more information, visit

TDWI Membership

Get immediate access to training discounts, video library, research, and more.

Find the right level of Membership for you.