We regularly receive requests for user information, but there’s nothing we can provide, as we don’t log user activity or connection details. Simply put, the data doesn’t exist. Curious about how often these requests come in? That’s where our quarterly transparency report comes in. Let’s dive into the details!
Legal Requests — Our Q1 Numbers
For our transparency report, we tally DMCA complaints and police requests.
- Digital Millennium Copyright Act (DMCA) complaints are requests we receive when copyright holders inform us that one of our IP addresses was used to illegally distribute copyrighted materials.
- Police requests are requests we receive when law enforcement agencies inform us that one of our IP addresses was used in unlawful activity.
| January | February | March | |
| DMCA Complaints | 39,030 | 37,138 | 29,164 |
| Police Requests | 1 | 1 | 1 |
As always, we’re unable to comply with these requests. We follow a strict no-logs policy, and our RAM-only servers ensure no data persists whenever they get rebooted. We’re not legally required to retain any user data and have no data to supply even if compelled to do so.
With that said, let’s have a look at the numbers.
DMCA Complaints
| January | February | March |
| 39,030 | 37,138 | 29,164 |
The numbers of DMCA complaints remained fairly steady over the past half year.
Normally someone behind a DMCA complaint might try to trace a user’s IP address. But when the user is using a VPN, the DMCA request is sent to the VPN company, shielding the user from the issue. As we do not keep logs of user activity, a DMCA notice cannot impact our users.
Police Requests
| January | February | March |
| 1 | 1 | 1 |
We received one police request each month this quarter, for which we have no user data to provide.
Bug Bounty Program — Q1 Numbers
Our Bug Bounty Program incentivizes cybersecurity researchers to search for and inform us of any vulnerabilities in our software, with the chance to earn a reward. In Q1, we received 75 submissions, with 51 of these being unique issues. In total, 8 of these submissions were considered valid, with the other 43 reported issues categorized as false positives, informational, or invalid.
Q1 cybersecurity in review
Cyber threats seem to be consistently intensifying, with more companies and individuals becoming victims of attacks like ransomware. Here are a handful of examples from the beginning of 2025.
Clop Ransomware Targeting Cleo Vulnerabilities
In early 2025, the Clop ransomware group exploited zero-day vulnerabilities in Cleo’s managed file transfer solutions, leading to a wave of attacks across Europe. The widespread use of Cleo’s services in e-commerce and supply chain operations made many organizations vulnerable to this attack vector. Victims included WK Kellogg, which suffered data breaches, exposing employee personal information. Hertz, along with its subsidiaries Dollar and Thrifty, experienced a data breach that exposed sensitive customer information, including names, contact details, dates of birth, driver’s license numbers, credit card information, and, in some cases, Social Security numbers and passport details.
Attacks to Destabilize EU
Europol’s 2025 threat assessment highlighted an increase in politically motivated cyber-attacks across the EU, attributed to Russian state actors and affiliated criminal networks. These “hybrid threats” included cyber-attacks, sabotage, and disinformation campaigns aimed at destabilizing European institutions and infrastructure. Incidents involved attacks on hospitals, arson, and disruptions to public services, with evidence suggesting coordination between intelligence agencies and organized crime groups.
Orange Group Suffers Data Breach
In February 2025, Orange Group, a major telecommunications company, confirmed a data breach after a hacker leaked internal documents and employee data. The threat actor, associated with the HellCat ransomware group, published details of the stolen data on a hacker forum following unsuccessful extortion attempts. The breach raised concerns about the security of critical infrastructure providers in Europe.
Many companies fail to adequately secure their systems, putting individuals at greater risk online. But you don’t have to leave your privacy to chance. By making smart choices—like selecting services that prioritize privacy, scrutinizing their data policies, and using protection tools such as CyberGhost VPN—you can take control of your digital security. A VPN encrypts your connection, hides your IP address, and protects your personal information from hackers, especially on unsecured networks like public Wi-Fi. Strengthen your online security today.
Leave a comment