2026 Data Breaches — Year-to-Date Disclosure Tracker

2026 Data Breaches Year-to-Date (462 indexed)

critical · tech · Feb 9, 2026

BridgePay Confirms Ransomware Attack, No

The services of Florida-based payments platform BridgePay are offline due to a ransomware attack

View incident → Original disclosure Indexed 2 months ago

high · other · Feb 9, 2026

Emirates Airlines

640K Skywards member records including travel history and contact data compromised

View incident → Original disclosure Indexed 2 months ago

critical · finance · Feb 9, 2026

Robinhood Markets (2026)

2.8M customer trading records and SSNs exposed via social engineering attack on support staff

View incident → Original disclosure Indexed 2 months ago

critical · government · Feb 8, 2026

ATO Australia (Tax)

1.1M taxpayer records exposed via zero-day in myGov authentication system

View incident → Original disclosure Indexed 2 months ago

critical · other · Feb 8, 2026

Cathay Pacific Airways

9.4M passenger records re-exposed as 2018 breach data reappears on new dark web marketplace

View incident → Original disclosure Indexed 2 months ago

high · healthcare · Feb 8, 2026

Baystate Health

440K patient records exposed in spear-phishing attack on Massachusetts health system

View incident → Original disclosure Indexed 2 months ago

critical · tech · Feb 8, 2026

ServiceNow ITSM Platform

620K enterprise workflow configurations exposed via compromised instance admin accounts

View incident → Original disclosure Indexed 2 months ago

high · other · Feb 8, 2026

Instacart Grocery Delivery

680K shopper and customer records exposed via third-party payment processor compromise

View incident → Original disclosure Indexed 2 months ago

high · education · Feb 7, 2026

University of Toronto

380K student and staff records compromised in targeted phishing campaign

View incident → Original disclosure Indexed 2 months ago

critical · healthcare · Feb 7, 2026

CVS Health / Aetna

3.4M patient pharmacy and insurance records exposed via compromised prescription gateway

View incident → Original disclosure Indexed 2 months ago

high · finance · Feb 6, 2026

BridgePay Network Solutions

Payment gateway ransomware attack causes widespread merchant and municipal outages

View incident → Original disclosure Indexed 2 months ago

high · finance · Feb 6, 2026

Goldman Sachs (Contractor)

180K client portfolio records accessed by compromised contractor with elevated privileges

View incident → Original disclosure Indexed 2 months ago

medium · other · Feb 6, 2026

Substack Confirms Data Breach, "Limited

Substack did not specify the number of users affected by the data breach

View incident → Original disclosure Indexed 2 months ago

high · tech · Feb 6, 2026

Substack

697K subscriber records exposed — email addresses, phone numbers, internal metadata

View incident → Original disclosure Indexed 2 months ago

high · tech · Feb 6, 2026

Fortinet (Security Vendor)

440K customer records from FortiGate management portal exposed via zero-day authentication bypass

View incident → Original disclosure Indexed 2 months ago

critical · retail · Feb 5, 2026

Couche-Tard (Circle K Canada)

1.2M customer payment records exposed in POS breach

View incident → Original disclosure Indexed 2 months, 1 week ago

high · legal · Feb 5, 2026

Allen & Overy

290K client records exposed in LockBit ransomware attack

View incident → Original disclosure Indexed 2 months, 1 week ago

high · retail · Feb 5, 2026

Zara (Inditex)

890K customer records stolen

View incident → Original disclosure Indexed 2 months, 1 week ago

high · legal · Feb 5, 2026

Baker McKenzie

120K client records from 47 offices worldwide exposed via compromised email gateway

View incident → Original disclosure Indexed 2 months, 1 week ago

medium · tech · Feb 5, 2026

Kinaxis (Ottawa)

210K enterprise supply chain records exposed

View incident → Original disclosure Indexed 2 months, 1 week ago

high · finance · Feb 5, 2026

Betterment

1,435,174 records exposed — Dates of birth, Device information, Email addresses, Employers and 5 more

View incident → Original disclosure Indexed 2 months, 1 week ago

medium · education · Feb 5, 2026

National Taiwan University

210K student records exposed

View incident → Original disclosure Indexed 2 months, 1 week ago

high · healthcare · Feb 5, 2026

Lonza Group (Switzerland)

280K pharmaceutical manufacturing records exposed

View incident → Original disclosure Indexed 2 months, 1 week ago

high · other · Feb 5, 2026

Nutrien (Saskatchewan)

670K agricultural customer records stolen

View incident → Original disclosure Indexed 2 months, 1 week ago