SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Lab 1 report reveals unstructured data heightens breach risks

Yesterday

Lab 1 has released a report that analyses 141 million files from 1,297 data breach incidents, highlighting significant risks of downstream fraud and cybercrime for organisations, employees and customers.

The Anatomy of a Breach 2025 report offers an in-depth content-level investigation of breached datasets, focusing on the prevalence of unstructured files, such as financial documents, HR data, customer records and code files, that are typically overlooked but pose considerable risks.

Financial documents prevalent

The analysis indicates that financial documents are present in 93% of breach incidents and constitute 41% of all exposed files. According to the report, these documents frequently contain both personal and commercial information, making them valuable targets for cybercriminals. Bank statements, found in 49% of breaches, and International Bank Account Numbers (IBANs), present in 36%, were highlighted as common items that could facilitate identity fraud, payment redirection and mandate scams.

Commenting on the findings, Robin Brattel, Co-founder and Chief Executive Officer at Lab 1, said:

"Rather than focus on mega data dumps of structured and primarily credential-based information, we've focused on the huge risks associated with unstructured files that often hold high-value information, such as cryptographic keys, customer account data, or sensitive commercial contracts.

"With cybercriminals now behaving like data scientists to unearth these valuable insights to fuel cyberattacks and fraud, unstructured data cannot be ignored. We've refined a scientific approach to analyzing unstructured breach contents and today share our findings, which underline the need to move towards a content-aware approach to breach analysis. Ultimately, organizations must understand what information has been leaked, how it can be used, and who might be affected. And faster than it can be used against them."

PII and customer data exposure

Personal and corporate data - including Human Resources files containing personally identifiable information (PII), payroll, and resumes - featured in 82% of breaches. Additionally, 67% of incidents involved documents and records related to customer service, support, or communication. The prevalence of emails was particularly notable, with 86% of breach incidents exposing this form of sensitive communication. Half the analysed incidents included U.S. Social Security Numbers, further highlighting the scale of PII at risk.

The exposure of such data increases the likelihood of targeted phishing attacks, identity theft, and regulatory breaches, which could subject organisations to significant financial penalties and legal challenges under frameworks such as the General Data Protection Regulation (GDPR) or the Federal Trade Commission (FTC) Act. These risks extend to the erosion of customer trust.

Broader attack surface from unstructured files

The report underscores the widening cyberattack surface resulting from the exposure of unstructured files. Cryptographic keys, which can be used to bypass authentication and gain access to secure systems, appeared in 18% of incidents. Cloud and infrastructure indicators, such as AWS S3 paths and virtual hosts, were present in 20% and 23% of breaches respectively. Code files, exposed in 87% of all incidents and accounting for 17% of the total files, add risk to the software supply chain by compromising software trustworthiness.

Attack blast radius growing

According to Lab 1, the median number of organisations impacted per breach - the so-called 'blast radius' - has risen by 61% since 2022, from 257 to 482 organisations today. This figure includes secondary and tertiary parties who might be unaware of their potential exposure, given their connection to the breached primary organisation.

The dataset underpinning the report comprised more than 141 million individual file records, all sourced from ransomware and data breach incidents found in the public domain and reconstructed from forensic acquisitions.
