Fraud risk surges as leaked files expose UK firms
London’s cyber watchdogs are sounding the alarm over a growing wave of corporate data breaches, as new research reveals the vast majority of leaked datasets now include sensitive financial and personal files, fueling a sharp rise in fraud, cybercrime and reputational risk.
A landmark study published on Tuesday by Lab 1, an AI-driven cybersecurity platform, shows that 93 per cent of data breach incidents now involve financial documents, including bank statements, invoices and IBAN numbers.
Based on an analysis of 141 million leaked files from 1,297 publicly exposed breaches, the report paints a detailed picture of the increasing “blast radius” of cyberattacks on global firms.
The study claims to be the largest content-level analysis of breached datasets ever conducted, offering a granular look at the unstructured data such as emails, HR records, and code files, typically overlooked in traditional breach reviews.
Unlike credential-based dumps, these files often contain sensitive commercial information that can be exploited by fraudsters and attackers to launch follow-up attacks.
Employees and customers caught in the crossfire
Among the most common leaks were HR documents, including payroll information and CVs, found in 82 per cent of breaches.
Customer service records featured in two-thirds of cases, while emails were exposed in 86 per cent.
Notably, half of the incidents included US Social Security Numbers, potentially opening companies up to GDPR violations and regulatory fines under UK and US law.
Lab 1’s chief executive Robin Brattel said the findings mark a shift in how cybercriminals operate.
“They’re behaving like data scientists now – mining these leaks for high value assets that can be used for fraud or targeted attacks,” he said.
The average “blast radius” – a measure of how many organisations are indirectly exposed in each breach – has risen 61 per cent since 2022, the report shows.
On average, data from one incident is now linked to over 400 organisations, including partners and vendors, often without their knowledge.
Retail sector on the edge
The findings land amid growing unease in the UK retail sector following a series of high profile cyberattacks this spring.
Co-op confirmed earlier this week that the personal data of all 6.5 million of its members was accessed during an April hack, despite no financial information being compromised.
The retail giant’s chief executive, Shirine Khoury-Haq, called the breach “deeply personal” and warned the fallout had been significant.
That attack, which law enforcement believes was part of a wider coordinated campaign also targeting M&S and Harrods, resulted in disruption to contactless payments and customer service across Co-op stores.
Four suspects have since been arrested, including three teenagers.
M&S, which suffered operational losses estimated at £300m, is now preparing a £100m insurance claim.
But not all affected retailers had cyber insurance cover in place, potentially leaving them exposed to costly litigation and long-term brand damage.
Intensifying cyber threats
The Lab 1 study follows closely on the heels of another breach involving 16 billion login credentials, widely circulated across criminal forums earlier this month.
Though not the result of a single hack, the trove includes data scraped from malware known as “infostealers” and raises fresh questions about the viability of current password-based authentication systems.
Cybersecurity analysts have warned that such datasets give criminals the tools to carry out highly convincing phishing attacks and identity fraud at scale, particularly when combined with leaked unstructured data like HR files or internal emails.
With businesses under pressure to improve breach detection and response, Brattel says the focus needs to shift.
“It’s not just about stopping the breach. It’s about knowing what’s been leaked, who’s at risk, and how fast you can act before that data is turned against you”, he said.