Private Internet Access Transparency Report Q1 2025
Our quarterly transparency report is designed to keep users informed about the data requests we receive. We hope it offers a clear look at how we protect user privacy: Even though we regularly receive requests, our strict no-logs policy means there is never any data to share.
A summary of the figures is available on our website’s Transparency Report page, and we’ll dive into more details below.
PIA’s Q1 2025 Transparency Report
This report covers requests our legal department received from January 1 to March 31. Before we get into the numbers, here’s a brief summary of each type of legal request we might receive.
Here is an overview of the legal notices we received this quarter.
| Legal Processes | Received | Logs Produced |
| Court orders | 0 | 0 |
| Subpoenas | 7 | 0 |
| Warrants | 0 | 0 |
| State notices | 3 | 0 |
| Federal notices | 5 | 0 |
| Foreign and informal requests | 13 | 0 |
Although we occasionally receive data requests, we are unable to produce any records for authorities due to our strict no-logs policy. Simply put, there are no logs to share. We do not collect, monitor, or store any information about your online activities.
Bug Bounty Program Q1 Data
Notable cybersecurity news of Q1 2025
We believe online security is a fundamental right. That’s why we stay vigilant, closely tracking the latest cybersecurity developments to keep our community informed on the latest threats. Here’s a quick look at some of the events shaping today’s online privacy landscape.
Surge in Ransomware Attacks
The first quarter of 2025 saw a large spike in ransomware activity, with 2,063 reported victims globally—a historic high for a single quarter. Of these victims, 59% were based in the United States. The Akira ransomware group emerged as particularly aggressive, accounting for over one-tenth of these attacks. The group often gains entry to systems using phishing emails or known vulnerabilities in VPNs—highlighting the importance of using reputable VPN services.
Hacktivist DDoS Attacks
Hacktivist groups launched a series of DDoS attacks targeting high-profile U.S. organizations, including media outlets like CNN and CNBC, as well as major technology and e-commerce platforms such as Amazon. These attacks were ideologically driven, claiming to be in opposition to U.S. foreign policy. The attacks were often timed to coincide with political events or symbolic dates. In most cases, services were restored within hours, but the attacks strained resources and required mitigation efforts like activating cloud-based DDoS protection services and rerouting traffic through more resilient infrastructure.
Malware Distribution Via CAPTCHAs
At the start of this year, there was a significant increase in the use of the NetSupport remote access trojan. Threat actors distributed the remote access trojan through malicious websites disguised as legitimate CAPTCHA verification pages. When users attempted to interact with these fake CAPTCHAs, PowerShell scripts executed in the background, silently installing the NetSupport client. Once embedded, the malware allowed attackers full remote control over the victim’s system, enabling data theft, keylogging, surveillance, and the deployment of additional payloads.