HR documents appear in 82% of all data breaches, finds Lab 1

In 2025, data is both an organization’s biggest asset and its greatest liability.

This is because cyber criminals are getting more and more sophisticated; they are targeting the very structure of companies.

That’s according to new research from Lab 1 – the data intelligence platform used agentic AI to analyze 141 million files across 1,300 data breach incidents.

The challenge is that in today’s digital world, cyber criminals are not just focused on high value assets, but also on small fragments of unstructured data that can help them get a clearer view of how organizations (and their employees) operate.

Speaking about the research, Lab 1’s Co-founder & CEO Robin Brattel shared: “With cybercriminals now behaving like data scientists to unearth these valuable insights to fuel cyberattacks and fraud, unstructured data cannot be ignored.

Ultimately, organizations must understand what information has been leaked, how it can be used, and who might be affected. And faster than it can be used against them.”Ultimately, organizations must understand what information has been leaked, how it can be used, and who might be affected. And faster than it can be used against them.”

Aren't cyberattacks more of a concern for CIOs and CTOs, rather than CHROs and HR teams?

No, because, according to Lab 1’s data, HR documents appear in 82% of data breaches – the only department with more documents at risk is finance (with 93%).

HR and employee data is at significant risk from cyberattacks

The challenge is that HR data is rich with content that cyber criminals want, and at a high “risk of AI-enabled weaponization and advanced social engineering”, according to Lab 1.

HR data are “narrative-rich”, so they “can be used to generate synthetic identities, deepfake content, or voice-clone phishing attacks with high fidelity".

“It also significantly elevates the risk of advanced social engineering and psychological operations, especially in highly regulated industries", stated the Lab 1 report.

This reality should concern HR leaders – as Lab 1’s CEO Brattel exclusively tells UNLEASH: “This isn’t just a technical issue. A leaked CV held on a manager's drive might seem low risk, but it often contains addresses, employment history and enough personal detail to build convincing fake identities. That’s a gateway”.

As a result, there’s a need for behavioral change, as well as security focuses.

CIOs and CHROS “need to work in lockstep to embed day-to-day cyber discipline, not just rely on one-off training or policy documents.

HR Leaders need to champion employee data protection with the same urgency and influence that’s often reserved for customer data.HR Leaders need to champion employee data protection with the same urgency and influence that’s often reserved for customer data.

“This is about shared accountability and sustained action because trust is built in what we protect, not just what we promise.”