Data breach remains a critical problem across the world, but one that may be slowly abating.

In the first quarter of 2022, accounts of over 1.8 crore users were breached worldwide, according to research by UK-based VPN company Surfshark. This was, however, 58% lower than the 4.3 crore between October 2021 and December 2021.

Russia had the most breaches in the first quarter which, according to Surfshark, was likely because internet activist group Anonymous declared a cyberwar on the country as a response to its invasion of Ukraine.

Russia, Poland, Hong Kong and Taiwan are the only regions where there was an uptick observed in security leaks. Other countries in Surfshark’s research showed a decline.

For India, too, the number was much lower, though it remained one of the worst-hit in terms of leaked user IDs, credit card information, telephone numbers, email addresses and passwords.

India has taken several measures to protect sensitive user data, especially in banking. For instance, the Reserve Bank of India now prohibits merchants from storing credit card data and mandates that they use card tokenisation. This allows user information to be replaced by an encrypted code on the server.

This article first appeared on Quartz.