Metro Inc. (Canada)
740K customer records from Jean Coutu pharmacy division exposed in ransomware attack
2026 Data Breaches Year-to-Date (462 indexed)
Odido Breach Impacts Millions of
Dutch telco Odido has revealed a major data breach impacting over six million customers
University of Pennsylvania
623,750 records exposed — Charitable donations, Dates of birth, Email addresses, Genders and 7 more
Bupa (UK/Global)
780K international health insurance member records exposed via insider data theft
IRS (Tax Vendor Breach)
1.8M taxpayer records exposed via compromised e-filing software vendor
Mayo Clinic
900K patient research records exposed via compromised genomics analysis platform
Nike Inc.
1.2M SNKRS app user records exposed — sneaker purchase history and payment data stolen
Equinix Data Centers
740K enterprise customer metadata and colocation records exposed in Netscaler vulnerability exploit
Zoom Communications (2026)
780K enterprise meeting recordings and transcripts accessed via compromised admin portal
Province of British Columbia
1.4M citizen records from provincial health and education systems compromised
Barclays Bank
780K customer records from wealth management division exposed via insider threat
Brookfield Asset Management
480K investor records from Canadian asset manager exposed via compromised fund admin portal
Lockheed Martin (Subcontractor)
Defense subcontractor breach exposes classified program metadata and personnel clearance records
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability — BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Suc
Odido (Dutch Telecom)
6.2M customer records including passport and bank account numbers leaked by ShinyHunters
Fake AI Assistants in Google
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX
Microsoft Configuration Manager
Microsoft Configuration Manager SQL Injection Vulnerability — Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially cra
SolarWinds Web Help Desk
SolarWinds Web Help Desk Security Control Bypass Vulnerability — SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted
World Leaks Ransomware Group Adds
Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns
Apple Multiple Products
Apple Multiple Buffer Overflow Vulnerability — Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker w
Notepad++ Notepad++
Notepad++ Download of Code Without Integrity Check Vulnerability — Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or r
Lyft Inc.
290K driver and rider records exposed via compromised third-party background check vendor
Cerner / Oracle Health
5.9M patient records exposed after legacy Cerner migration database left unsecured on Oracle Cloud
Delta Air Lines
870K SkyMiles member records and passport data exposed via compromised CrowdStrike integration