Steal, Deal, Repeat: Cybercriminals Cash in on Your Data

Cybercriminals are turning your personal data into high-value commodities—and business is booming.

Europol’s 2025 Internet Organised Crime Threat Assessment (IOCTA), published today, reveals how stolen data fuels the digital underworld, powering a criminal ecosystem that spans from online fraud and ransomware to child exploitation and extortion. The report paints a stark picture of a cybercrime economy built on access—access to your systems, your identity, and your most sensitive information.

The Head of Europol’s European Cybercrime Centre, Edvardas Šileris, commented: 

“You can’t defend what you don’t understand. Europol’s IOCTA 2025 report sheds light on the hidden economy of stolen data that powers today’s most dangerous cyber threat, giving law enforcement, policymakers, and industry the intelligence needed to act decisively.”

From phishing to phone scams, and from malware to AI-generated deepfakes, cybercriminals use a constantly evolving toolkit to compromise systems and steal personal information. These stolen credentials and data sets are then sold, resold, and repackaged by data and access brokers operating across dark web forums, encrypted channels, and subscription-based criminal marketplaces.

Social engineering, reimagined

The report highlights a rise in the use of generative AI, including Large Language Models, to supercharge social engineering attacks. Criminals now tailor scam messages to victims’ cultural context and personal details with alarming precision. Child sexual exploitation perpetrators are also using AI to scale up grooming attempts and make coercion attempts more effective.

Data is no longer just the target—it’s a commodity

Cybercriminals no longer need technical skills to succeed. Crime-as-a-service platforms now offer everything from stolen data to step-by-step fraud tutorials. Access credentials to remote services, compromised corporate networks, and even personal logins are sold in bulk.

Stolen data is also weaponised for extortion, identity theft and abuse—including against children.

New threats, old vulnerabilities

Initial access brokers and ransomware groups continue to exploit known system weaknesses and manipulate human behaviour.

Even popular error messages and CAPTCHA boxes are being mimicked in a tactic known as "ClickFix" to trick users into installing malware themselves.

While encryption protects users’ privacy, the criminal abuse of end-to-end encrypted (E2EE) apps is increasingly hampering investigations. Cybercriminals hide behind anonymity while coordinating sales of stolen data, often with no visibility for investigators.

Recommendations for action

To counter these threats, the report calls for coordinated policy responses at EU level, including lawful access solutions for E2EE, harmonised rules on data retention, and urgent efforts to boost digital literacy—especially among young people.

The IOCTA 2025 draws on operational insights from the thousands of investigations Europol supports each year, particularly through its European Cybercrime Centre (EC3) and its Economic and Financial Crime Centre (EFECC), with contributions from Member States and private sector partners. It builds on the EU Serious and Organised Crime Threat Assessment (SOCTA) and sheds light on a criminal landscape where data is power—and everyone’s data is at risk.