2025 Data Breaches — Year-to-Date Disclosure Tracker

2025 Data Breaches (637 indexed)

high · education · Dec 8, 2025

Vanderbilt University

190K student and medical center records exposed via ransomware on administrative systems

View incident → Original disclosure Indexed 4 months ago

high · finance · Dec 8, 2025

Discover Financial Services

520K card holder records exposed via vulnerability in mobile banking application

View incident → Original disclosure Indexed 4 months ago

high · tech · Dec 8, 2025

D-Link Routers Buffer Overflow Vulnerability — D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (E

View incident → Original disclosure Indexed 4 months ago

high · tech · Dec 8, 2025

Array Networks ArrayOS AG

Array Networks ArrayOS AG OS Command Injection Vulnerability — Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.

View incident → Original disclosure Indexed 4 months ago

high · tech · Dec 6, 2025

KinoKong

817,808 records exposed — Email addresses, IP addresses, Names, Passwords and 1 more

View incident → Original disclosure Indexed 4 months ago

high · legal · Dec 5, 2025

Gibson Dunn & Crutcher LLP

280K antitrust investigation records exposed via phishing attack on senior associates

View incident → Original disclosure Indexed 4 months ago

high · other · Dec 5, 2025

Enbridge Inc

780K customer and pipeline operational records exposed

View incident → Original disclosure Indexed 4 months ago

high · tech · Dec 5, 2025

Sharp Corporation

340K customer records stolen

View incident → Original disclosure Indexed 4 months ago

critical · tech · Dec 5, 2025

Meta React Server Components

Meta React Server Components Remote Code Execution Vulnerability — Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw i

View incident → Original disclosure Indexed 4 months ago

high · finance · Dec 5, 2025

Stripe vendor incident

450K merchant records exposed via third-party integration

View incident → Original disclosure Indexed 4 months ago

high · government · Dec 5, 2025

City of Indianapolis

340K resident records stolen

View incident → Original disclosure Indexed 4 months ago

high · tech · Dec 5, 2025

Confluent (Kafka Cloud)

180K enterprise streaming configurations exposed via SSRF vulnerability in management API

View incident → Original disclosure Indexed 4 months ago

high · healthcare · Dec 5, 2025

Royal Adelaide Hospital

340K patient records exposed

View incident → Original disclosure Indexed 4 months ago

high · tech · Dec 3, 2025

OpenPLC ScadaBR

OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability — OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload a

View incident → Original disclosure Indexed 4 months, 1 week ago

high · tech · Dec 2, 2025

Android Framework

Android Framework Privilege Escalation Vulnerability — Android Framework contains an unspecified vulnerability that allows for privilege escalation.

View incident → Original disclosure Indexed 4 months, 1 week ago

high · tech · Dec 2, 2025

Android Framework

Android Framework Information Disclosure Vulnerability — Android Framework contains an unspecified vulnerability that allows for information disclosure.

View incident → Original disclosure Indexed 4 months, 1 week ago

critical · retail · Dec 2, 2025