- VPN
- VPN Privacy & Security
New data reveals over 300 million records were exposed in 2025, with small tech firms increasingly in the crosshairs
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
(Image credit: Shutterstock)
- Copy link
- X
- Threads
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.You are now subscribed
Your newsletter sign-up was successful
An account already exists for this email address, please log in. Subscribe to our newsletter- Proton recorded 794 major breaches in 2025, exposing 306+ million records
- 71% of breaches affected small- and medium-sized businesses
- Proton urges startup founders to "build in private"
If you are a startup founder, you might assume your business is too small, too new, or too obscure to attract the attention of cybercriminals. You would also be wrong.
According to a new report from Swiss privacy giant Proton – the provider behind one of the best VPN and secure email services – early-stage companies are becoming a primary target for hackers.
Data sourced from Proton's Data Breach Observatory reveals that 794 significant breaches occurred in 2025 alone, exposing a staggering 306.1 million records. While massive corporations often dominate the headlines, Proton found that 71% of breaches actually affected small- and medium-sized businesses.
You may like-
Most SMBs aren't set up to survive a major cyberattack - here's what needs to be done
-
Your email app isn't the weak link but your cloud configuration probably is
-
Remote work and the big breaches of 2025: Cause or convenient excuse?
The "too small to hack" myth is dead
Cybercriminals are looking for the path of least resistance, and increasingly, that path leads to small businesses that hold valuable intellectual property (IP) but lack the dedicated security teams of a Global 500 enterprise.
The report identifies a dangerous mindset among European entrepreneurs: the prioritization of speed over security.
"In startup circles, 'speed wins,' and security can be seen as a hindrance to that speed. This can result in missing crucial steps when securing a business," said Patricia Egger, Head of Security at Proton.
The report highlights that access is often the first target. Nearly half (49%) of the breaches tracked involved compromised passwords. For a small team using shared logins over Slack or saving credentials in browsers, a single slip-up can hand the keys to the entire kingdom to a threat actor.
Proton’s report cites sobering examples from 2025, including PhoneMondo, a five-person team in Germany that saw over 10.5 million records exposed, and Tracelo, a US-based tracking app that leaked 1.4 million records. In both cases, the size of the company didn't protect the massive amount of customer data they held.
As most SMBs aren't set up to survive a major cyberattack, the consequences, ranging from GDPR fines to total loss of consumer trust, can be fatal for a young company.
Today's best Proton VPN deals
Proton VPN 24 Month US$3.59/mthViewat Proton VPNProton VPN 12 Month US$4.32/mthViewat Proton VPNProton VPN 1 Month US$9.99/mthViewat Proton VPNHow to "Build in Private"
To combat this, Proton is urging startups to "build in private." This initiative pushes founders to embed privacy into their operations from day one, rather than bolting it on after a breach occurs.
You may like-
Your email app isn't the weak link but your cloud configuration probably is
-
Remote work and the big breaches of 2025: Cause or convenient excuse?
-
Most Brits worry about online privacy, but they trust the wrong apps
Raphael Auphan, COO of Proton, notes that while consumers understand privacy, it can be harder to convey to founders of startups when widely adopted big tech tools prioritize speed.
"I cannot stress enough to founders and business owners the importance of pausing to make the conscious choice to 'build in private'," Auphan adds.
If you are running a small business, Proton’s report suggests three critical controls to stop you from becoming a statistic in 2026:
- Eliminate Reusable Credentials: Move away from shared passwords. Use passkeys or a dedicated password manager to generate unique, strong logins. Enforce Multi-Factor Authentication (MFA) everywhere.
- Gate Your Access: Don't let every employee access every file. Centralize your access paths using business VPNs to create a single private gateway. This ensures that even if one device is compromised, the attacker cannot move laterally across your entire network.
- Encrypt Everything: Encryption doesn't stop attacks, but it makes the stolen data useless. Ensure your email, cloud storage, and calendar tools use end-to-end encryption so that only you hold the keys.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
Are you a pro? Subscribe to our newsletterContact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. CATEGORIES Security Pro
Rene MillmanContributing WriterRene Millman is a seasoned technology journalist whose work has appeared in The Guardian, the Financial Times, Computer Weekly, and IT Pro. With over two decades of experience as a reporter and editor, he specializes in making complex topics like cybersecurity, VPNs, and enterprise software accessible and engaging.
View MoreYou must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
Logout Read more
Your email app isn't the weak link but your cloud configuration probably is
Remote work and the big breaches of 2025: Cause or convenient excuse?
Most Brits worry about online privacy, but they trust the wrong apps
Print security means business security: protecting data across the physical-digital boundary
Protect yourself from data breaches with this Black Friday VPN Deal
Dozens of organizations fall victim to infostealers after failing to enforce MFA
Latest in VPN Privacy & Security
'A violation of fundamental rights' – Civil society calls on Switzerland to abandon data retention proposals
"VPNs are next on my list" – France set to evaluate VPN use following social media ban for under-15s
Windscribe promises users in Iran and Russia "solutions" to ongoing VPN crackdown — here's everything we know
'Our users deserve better' – PrivadoVPN set to leave Switzerland on privacy grounds
Most Brits worry about online privacy, but they trust the wrong apps
Big Tech needs less than a month to pay off over $7 billion in 2025 fines, Proton warns
Latest in News
Startups, listen up: Proton says you're not "too small" to be hacked
The Elder Scrolls 4: Oblivion Remastered is coming to Nintendo Switch 2 this year, along with two other huge Bethesda games
ExpressVPN unveils new standalone password manager – ExpressKeys is now available for iOS and Android
Forget Seahawks vs Patriots: Wix vs Squarespace is the real showdown at Super Bowl 2026
Sony says Ghost of Yotei made a 'significant contribution' to the 8 million PS5 units that were sold in late 2025, a feat that surpassed the Nintendo Switch 2 by 1 million units
Steam Machine is delayed due to RAM crisis — and price is to be 'revisited'
LATEST ARTICLES- 1NGINX servers hijacked in global campaign to redirect traffic
- 2Forget Seahawks vs Patriots: Wix vs Squarespace is the real showdown at Super Bowl 2026
- 3Quordle hints and answers for Friday, February 6 (game #1474)
- 4NYT Strands hints and answers for Friday, February 6 (game #705)
- 5NYT Connections hints and answers for Friday, February 6 (game #971)
