CyberGhost Shares Q1 2025 Transparency Report, Reaffirms No-Logs Commitment

• CyberGhost's Q1 2025 Transparency report shows 105,332 DMCA complaints and 3 police requests, but it couldn’t comply due to its strict no-logs policy.
• 8 out of 75 bug bounty reports were valid; rest were false or informational.
• CyberGhost highlighted rising cyberattacks, including Clop ransomware and breaches like Orange Group.

CyberGhost VPN has released its Q1 2025 Transparency Report, covering legal requests, DMCA complaints, police inquiries, and cybersecurity efforts between January and March. The report underscores the company’s commitment to user privacy and transparency, stating once again that it does not collect or store any user activity data.

In the first quarter of 2025, CyberGhost received a total of 105,332 DMCA complaints, with numbers showing a slight drop month-over-month: 39,030 in January, 37,138 in February, and 29,164 in March. DMCA complaints usually relate to copyright holders flagging illegal content distribution from a particular IP address. However, as CyberGhost follows a strict no-logs policy and uses RAM-only servers, it says it has no information to share in response to these notices.

The provider also received one police request per month during the quarter, three in total. As with DMCA complaints, these requests went unanswered for the same reason: the company doesn’t store any connection or activity logs.

"Simply put, the data doesn’t exist," CyberGhost states in the report.

CyberGhost also highlighted the progress of its Bug Bounty Program, which encourages ethical hackers to report vulnerabilities in exchange for rewards. "In Q1 2025, the company received 75 submissions, of which 51 were unique. Only 8 were found to be valid, while the rest were categorized as false positives, informational, or invalid reports."

The report concludes with a broader look at the cybersecurity landscape during the first quarter. It highlights a spike in cyberattacks, such as the Clop group's ransomware campaign that took use of flaws in Cleo's controlled file transfer software. Major companies including Hertz and WK Kellogg were impacted by the assault, which compromised customer and employee data. 

Additionally, Europol’s 2025 threat assessment flagged an uptick in politically motivated cyber-attacks across the EU, allegedly linked to Russian state actors. These included sabotage, disinformation campaigns, and attacks on public infrastructure.

In February, Orange Group, a major European telecom provider, also suffered a significant data breach. Documents and employee data were leaked online after failed extortion attempts by the HellCat ransomware group.

CyberGhost ends its report by urging users to take digital privacy seriously. While many organizations struggle to secure their systems, users can still protect themselves by choosing privacy-focused services and using security tools like VPNs.

The provider has maintained a strong record of transparency over the years. It previously published its Q2 2024 Transparency Report detailing legal requests and emphasizing its privacy-first infrastructure. CyberGhost also completed two independent audits by Deloitte — one in 2022, verifying its no-logs policy, and another in 2024, confirming upgrades to its systems and continued adherence to user privacy standards.

The report serves as another reminder of the ongoing threats in today’s digital world and the importance of strong privacy practices.