Two Petabytes Worth Data of Israeli’s Siphoned, Says Cyber Head

Two petabytes, or two quadrillion bytes of information, has been stolen from Israelis in recent years, according to Yossi Karadi, head of the Israel National Cyber Directorate (INCD). Speaking to The Jerusalem Post, Karadi described the scope of the Israel data breach incidents as unprecedented.  Not long ago, cyberattacks were measured in megabytes or gigabytes. As digital storage expanded, breaches involving terabytes, trillions of bytes, became the benchmark for large-scale incidents. Now, hackers have pushed beyond even that threshold. The two-petabyte figure reflects a dramatic leap in the scale of successful infiltrations affecting Israeli citizens and institutions. 

Yossi Karadi Says the Israel Data Breach Reached Quadrillions 

To understand the magnitude, Karadi compared the stolen volume to the holdings of the National Library of Israel, whose digital archive totals roughly 20 trillion bytes. The cumulative data taken in various Israel data breach cases equals about 100 such libraries. The estimate is based on aggregated intelligence assessments and data analysis from multiple cyber incidents tracked by the INCD.  Beyond raw data theft, officials are also tracking sharp increases in specific forms of cyber aggression. According to figures presented during the interview, phishing attacks in 2025 climbed by 35%, while cyber influence operations surged by 170%. The Israel data breach problem, therefore, is only one part of a broader and more complex digital threat environment.  Phishing attacks rely heavily on social engineering. Attackers attempt to manipulate individuals into clicking on malicious links or providing sensitive financial details. In some cases, these tactics allow criminals to drain bank accounts or harvest personal information. In others, they serve as an entry point into larger organizational networks, potentially opening the door to more extensive breaches. 

Cyber Influence Surge Deepens Israel Data Breach Concerns 

Cyber influence campaigns are structured differently. Rather than stealing money or information directly, they aim to manipulate public opinion to achieve political or strategic objectives. One widely known example remains Russia’s documented attempt to interfere in the 2016 presidential election in the United States. Although subsequent investigations concluded that Donald Trump likely would have won regardless, the episode demonstrated how digital influence efforts can disrupt democratic discourse.  In Israel, authorities have raised concerns about similar tactics. Last week, the INCD and the Shin Bet issued a public warning revealing that, since mid-2025, hundreds of highly sophisticated cyberattacks have targeted Israeli government officials, security personnel, academics, and media figures. Much of the spike in activity has been attributed to intelligence elements from Iran, though officials stress that Israel faces threats from multiple sources.  Israel is currently ranked as the third most targeted country worldwide by hackers. Still, it is far from alone in experiencing large-scale digital disruption. In August and September 2025, Jaguar Land Rover in the United Kingdom suffered one of the most economically damaging cyberattacks on record. The breach caused nearly £2 billion in losses and forced a month-long shutdown across its global production facilities. Supply chains involving up to 5,000 businesses were disrupted for five weeks, and the British government intervened to stabilize operations while the company regained its financial footing.  

Push for Cyber Law as Data Breaches Escalate 

In response to the growing threat landscape and the recurring Israel data breach incidents, Karadi has advanced a comprehensive cyber law designed to clarify the INCD’s authority and formalize the responsibilities of private-sector operators. The proposed legislation, introduced on January 25, outlines 63 minimum cybersecurity requirements for critical infrastructure providers and government agencies. Many of these standards draw from frameworks established by the National Institute of Standards and Technology.  A central provision of the bill would require companies facing “grave” cyber threats to report breaches to the INCD in real time. The goal is to enable faster coordination and containment before incidents escalate into large-scale national crises.  Karadi, who assumed his role approximately a year ago, is seeking to advance the bill’s first reading in the Knesset in March. If the legislative process moves quickly, it could be enacted before the upcoming election season begins by mid-summer.