Proton, a technology firm focused on privacy, has launched a new platform designed to bring attention to unreported cybersecurity incidents. This initiative, called the Data Breach Observatory, aims to uncover significant data breaches that organizations may prefer to keep hidden, especially those that do not reach regulatory authorities or are not publicly acknowledged.
Unveiled on Thursday, the Data Breach Observatory has already compiled information on incidents occurring in 2025, revealing a staggering 300 million individual records involved in 794 cyberattacks. However, this figure excludes the more sensational data dumps often associated with infostealers, which usually involve duplicated or outdated information. The Observatory specifically focuses on breaches that affect individual organizations instead of aggregated cases, allowing for a more accurate representation of the situation.
The Swiss company highlighted the increasing lack of transparency surrounding data breaches, which has created a thriving market for stolen information on the dark web. According to their analysis, nearly half of the breaches examined so far this year involved leaked passwords, while sensitive data related to government services or healthcare was found in over a third of the cases.
Proton intends to update the Data Breach Observatory in near-real-time, ensuring that the details of these attacks are responsibly disclosed, particularly those that would otherwise go unnoticed. The company emphasizes that this service is not merely intended to criticize organizations for their lack of transparency. Instead, it aims to assist small and medium-sized businesses, which are often the most vulnerable to these threats, in recognizing potential dangers and fortifying their security measures.
Eamonn Maguire, director of engineering, AI & ML at Proton, stated that the Data Breach Observatory distinguishes itself from other platforms like HaveIBeenPwned due to its direct sourcing of data from dark web intelligence. He explained, “Many breach disclosures come from various sources, including GDPR notifications and threat intelligence feeds. However, a significant gap exists as many organizations opt not to disclose breaches unless legally mandated or delay their disclosure.” He added that the Observatory aims to bridge this gap by continuously monitoring criminal sources, allowing it to identify breaches without depending on the affected organizations” willingness to be transparent.
While monitoring the dark web for such information is not a new practice, publicly sharing the results of these investigations is less common. Typically, data from dark web breaches is available only to clients of threat intelligence firms, limiting its benefit to the broader business community. Additionally, the reliability of dark web data is often questionable, necessitating thorough verification before it can be used. Maguire mentioned that Proton has partnered with Constella Intelligence, a US-based company, to validate the data collected. This partnership involves multiple processes, including cross-referencing known breach patterns and examining metadata for consistency.
Part of their responsible disclosure process includes reaching out to affected organizations, which often confirms the findings. Maguire noted that while ransomware leak sites can sometimes provide inflated data, the Observatory focuses on identifiable, single-source breaches and excludes aggregated compilations. “We are not simply republishing what criminals claim; we are implementing validation layers before any disclosures,” he concluded.
