Skip to main content
European Commission logo
en
Live, work, travel in the EU
Migration and Home Affairs

Europol published report on how cybercriminals trade and exploit data

  • News article
  • 16 June 2025
  • Directorate-General for Migration and Home Affairs
  • 2 min read
2025 IOCTA report visual

Data has become a commodity for crime. Cybercriminals steal, trade and exploit data, monetising it and using information for other criminal activities. Hybrid threats from malicious actors can also be based on this criminal economy. These are the main takeaways from the Internet Organised Crime Threat Assessment (IOCTA), Europol’s analysis of evolving threats and trends in the cybercrime landscape.  

The 2025 IOCTA report Steal, deal and repeat: How cybercriminals trade and exploit your data shows that organised crime has continued to evolve at an unprecedented pace in the past year. The rapid adoption of new technologies and the continued expansion of digital infrastructure has further shifted criminal activities to the online domain.  

The report highlights a rise in the use of generative AI, including Large Language Models, to supercharge social engineering attacks. Criminals now tailor scam messages to victims’ cultural context and personal details with alarming precision. Child sexual exploitation perpetrators are also using AI to scale up grooming attempts and make coercion attempts more effective. 

The report shows that cybercriminals no longer need technical skills to succeed. Crime-as-a-service platforms now offer everything from stolen data to step-by-step fraud tutorials. Access credentials to remote services, compromised corporate networks, and personal logins are sold in bulk. Stolen data is also weaponised for extortion, identity theft and abuse—including against children. 

Recommendations for action 

The report calls for coordinated policy responses at EU level, including lawful access solutions for end-to-end encryption, harmonised rules on data retention, and urgent efforts to boost digital literacy, especially among young people. 

The IOCTA 2025 draws on insights from the thousands of investigations Europol supports each year, particularly through its European Cybercrime Centre and its Economic and Financial Crime Centre, with contributions from Member States, and private sector partners. It builds on the EU Serious and Organised Crime Threat Assessment (SOCTA). 

To address the threats mentioned in IOCTA, ProtectEU - Internal European Security Strategy  addresses the evolving threat landscape, prioritising the protection of people, societies, and local communities and businesses. It sets a comprehensive agenda to ensure a safer and more secure Union, with three overarching objectives – stepping up capabilities to protect people, mainstreaming security considerations in EU policy and external action, and reinforcing a whole-of-society approach to ensure EU security and safety. 

Find out more

2025 IOCTA report 

Cybercrime - European Commission 

Details

Publication date
16 June 2025
Author
Directorate-General for Migration and Home Affairs