Report: The Average American Has Suffered 7 Data Breaches Since 2004

The US is at the top of the list for breached accounts across the past 18 years, with over 2.29 billion total breaches.

If you’ve lived in the US for the past 18 years, your personal data has been illegally accessed on an average of seven different occasions, according to a new report.

In addition, American internet accounts have been breached so often that the country’s population makes up about 15% of all affected users around the globe. The report, out from VPN service SurfShark, has plenty of additional insights.

That said, shoring up the basics of internet security — like refraining from reusing passwords or staying on secured connections — can go a long way, even if it won’t rewind several decades of breaches.

14.9 Billion Accounts Breached Since 2004

The United States is at the top of the list of countries with the highest amount of breached online accounts in the past 18 years, with over 2.29 billion breaches in total, which adds up to 694 breached accounts per 100 residents, or 6.94 per person.

That’s not a great number, but depending on how you count the breaches, one other country actually has it worse. Russia only has 2.17 billion breaches in the same time frame as the US’s 2.29 billion, but that adds up to far more per 100 people — 1,489 breaches, more than double the US’s 694.

China, Germany, and France are numbers three, four, and five on the list, respectively, though none of them crack one billion breaches since 2004.

What’s Being Lost?

Different types of breaches can be more severe, as a greater number of different data points could be copied, viewed, or stolen:

“American and Russian accounts are exposed to cyber risks the most,” Surfshark sums up its report. “The U.S. ranks 1st according to the number of data points leaked per capita, where a single person has lost 27 data points on average to breaches since 2004. Russia comes second with 23 data points per person. Australia ranks third with 13 data points per capita.”

Overall, a whopping 48.6 billion data points have been exposed in the years tracked, with each email address being leaked with an average of 2.3 additional data points.

Across North America, that number rises to 3.7 data points, although the number of passwords leaked per 100 breached accounts drops to 72, down from a global average of 90.

Are Breaches on the Rise?

Surfshark’s report covers the past 12 months of data breaches in detail as well, and that information may be more relevant to the average person. After all, you can’t do much about preventing that data breach in 2005 when you leaked your email password trying to get early access to Star Wars: Revenge of the Sith.

But just since 2021, breach rates have ticked up. They’ve risen by 6.7% in the first quarter of 2022, compared to the fourth quarter of last year. At Surfshark’s last count, we were suffering 324 breaches per minute across the globe.

In the first quarter of the year, Russia fared far worse than the US, with over 25 million breaches compared to the US’s slightly over one million.

Staying Safe Online in 2022

Russia announced in September 2021 that it was banning six popular VPN services, including stalwarts like NordVPN, Express VPN, and IPVanish, and then added another six VPNs to the ban list in December.

Given that timing, it’s easy to draw a connection between VPN use and cutting down on data breaches. If you’re interested, our research team has tested all the top VPNs to figure out which ones are fast, easy to use, and trustworthy. Still, the rise in Russian data breaches this year can’t actually be explained that easily: Residents of the country have sharply increased their VPN use overall in 2022.

In the end, password managers might be the top solution. They’ll allow any user to securely store and access new passwords for any account they need, ensuring that they won’t be tempted to reuse passwords.

And the best management tools for passwords can even auto-generate the most secure passwords, to keep users from relying the world’s worst option, “123456.”

About our links

If you click on, sign up to a service through, or make a purchase through the links on our site, or use our quotes tool to receive custom pricing for your business needs, we may earn a referral fee from the supplier(s) of the technology you’re interested in. This helps to provide free information and reviews, and carries no additional cost to you. Most importantly, it doesn’t affect our editorial impartiality. Ratings and rankings on cannot be bought. Our reviews are based on objective research analysis. Rare exceptions to this will be marked clearly as a ‘sponsored’ table column, or explained by a full advertising disclosure on the page, in place of this one. Click to return to top of page

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Adam is a writer at and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals