A comprehensive new study analyzing over 141 million files from 1,297 ransomware and data breach incidents has shed disturbing light on the real risks of modern cyberattacks—particularly the overlooked threat of unstructured data. The research, conducted by cybersecurity firm Lab 1, is being termed the “biggest ever content-level analysis of breached datasets” and offers deep insights into the fallout of these breaches.
While the total number of files may not seem extraordinary when compared to criminal databases boasting 16 billion credentials or the recent exposure of 184 million plaintext passwords, it’s the content of these files that makes this report especially urgent.
According to Robin Brattel, CEO of Lab 1, unlike most analyses that focus on structured data like login credentials, this report examined unstructured files, often housing highly sensitive information. “The analysis focused on the huge risks associated with unstructured files that often hold high-value information, such as cryptographic keys, customer account data, or sensitive commercial contracts,” Brattel noted.
The findings are staggering:
- Financial documents were present in 93% of incidents and made up 41% of all files analyzed.
- 49% of breaches contained bank statements, and 36% included International Bank Account Numbers (IBANs).
- 14% involved wealth statements, and 82% of breaches exposed personal or corporate identifiable information (PII).
- 67% of that breached PII came from customer service interactions.
- 51% included email leaks that exposed U.S. Social Security numbers.
- On average, 54 email addresses were compromised per breach.
- Cryptographic keys were discovered in 18% of incidents, with code files accounting for 17%.
- System logs appeared in 79%, and images in 81% of cases.
The average breach, according to Lab 1, contains 22,647 files and 13.44 GB of data, with 14 different file types and 22 classifications. Most alarmingly, each breach impacts an average of 482 organizations, demonstrating the far-reaching “blast radius” of cyber incidents.
The report explains that this blast radius has grown 61% over the past three years, significantly increasing systemic risk, regulatory exposure, and reputational damage. Many affected entities are nth-party connections in the supply chain—organizations completely unaware of their data exposure.
In extreme cases, the number of impacted organizations reached 1.73 million in a single breach, while the financial services sector saw an average impact of 4,468 organizations per breach.
As Damian Sutcliffe, former CIO (EMEA) at Goldman Sachs, warns: “We need to stop thinking of breaches as isolated incidents… [the risk] applies to not just that held within our systems, but information held across our entire supply chain.”
Another recent study—the 2025 Ransomware Report by Zscaler ThreatLabz—reinforces these concerns. Deepen Desai, executive VP of cybersecurity at Zscaler, noted a shift in tactics: “Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example.” The use of GenAI by attackers has further amplified the threat, enabling more targeted and efficient breaches.
The Zscaler report found:
- A 146% year-over-year surge in ransomware attacks blocked by its cloud platform.
- A 92% increase in exfiltrated data volume among the top 10 ransomware groups.
- Total data stolen rose from 123 TB to 238 TB in just one year.
This escalating trend shows that ransomware is no longer just about locking systems—it’s about weaponizing stolen data.
As cybercriminals increasingly behave like data scientists, capable of mining massive datasets for exploitable intelligence, the need to secure not just networks, but also the unstructured data within them, has never been more critical.