Data Breach Notification,
Data Security,
Fraud Management & Cybercrime
ITRC Report: 2025 Breach Notices Lack Crucial Information Amid Rise of AI-Based Threats
The Identity Theft Resource Center (ITRC) has reported a staggering 3,322 data breaches across the United States in 2025, surpassing all previous records. Alarmingly, only 30% of breach notifications provided the actionable details necessary for adequate response and remediation, putting individuals and organizations at heightened risk, according to ITRC President James Lee.
Legal concerns, inconsistent state regulations, and fear of liability have driven many organizations to withhold vital information in response to breaches. Lee characterized this trend as particularly troubling, especially in an era where artificial intelligence (AI) is increasingly influencing the nature of cyber threats, including supply chain vulnerabilities and the re-use of stolen data, as outlined in a recent ITRC report.
“The diminishing transparency in breach notifications creates a perilous situation where critical protection information is unavailable to both individuals and enterprises,” Lee stated. “The percentage of notifications containing actionable data has plummeted from nearly 100% to a mere 30%.”
Another critical insight from the report highlights the role of AI technology in facilitating targeted cyber assaults. Data obtained from previous breaches is being repackaged and reused to perpetrate further victimization. Lee stressed that all organizations, regardless of their size, are targets in today’s landscape. “Safeguarding data is essential, as identity-related crimes can result in significant breaches,” he emphasized.
In a recent interview with Information Security Media Group, Lee addressed the escalating challenges in cybersecurity, including the exploitation of previously compromised data for new identity fraud initiatives and the overarching vulnerability stemming from a lack of breach transparency. He also called for more stringent legal frameworks and minimum cybersecurity standards nationwide.
Lee’s expertise in data protection spans a notable career, including roles as COO and now president of the ITRC. His previous experience includes serving as executive vice president at Waratek, a provider of application security solutions, as well as senior vice president at ChoicePoint, which is now part of LexisNexis. Additionally, Lee has contributed to the American National Standards Institute on identity management and privacy topics. Before these roles, he was responsible for global public affairs and communications at International Paper Company.