
The majority of data breaches contain human resources data that can be used for cyber and social engineering attacks, according to a Lab 1 study of 141 million breached files.

Lab 1 used AI agents to scrape and analyze breached datasets and files from 1,297 data breach incidents, including PDFs, emails, spreadsheets and slides. This type of unstructured information is commonly used by HR practitioners but is typically overlooked in data breach analysis.

“Rather than focus on mega data dumps of structured and primarily credential-based information, we've focused on the huge risks associated with unstructured files that often hold high-value information, such as cryptographic keys, customer account data, or sensitive commercial contracts,” said Robin Brattel, co-founder and CEO of Lab 1. “With cybercriminals now behaving like data scientists to unearth these valuable insights to fuel cyberattacks and fraud, unstructured data cannot be ignored.”

HR data rich in personally identifiable information (PII), including names, addresses, national IDs and health-related records, appears in 82% of all breaches, the company’s study found. Social Security numbers were present in half of all incidents the study analyzed, which poses a material risk for identity theft and data protection regulation violations. Fifty-eight percent of incidents contain recruitment data, including names, addresses and contact details that may be included on resumes and cover letters, according to the report.

Breaches that include HR content and correspondence are particularly suited for AI-enabled weaponization, said Lab 1. Emails are the most prevalent exposed sensitive information type and, when cross-referenced with leaked internal HR files, can support hyper-targeted phishing and social engineering campaigns. The information can also be used to create what are known as synthetic identities, which combine real and fabricated information into a persona that can open bank accounts, apply for credit cards and take out loans.

Across all the data breaches analyzed, the median breach was found to expose 482 unique organizations, an increase of 61% from a median of 257 in 2022 to 414.5 in 2025. This means that many HR teams may be unaware of instances where employee data has been exposed through suppliers, partners or third-party platforms, said the report.

Lab 1 said companies should move toward a content-aware approach to breach analysis.

“Ultimately, organizations must understand what information has been leaked, how it can be used, and who might be affected, and faster than it can be used against them,” said Brattel.
