Weil Gotshal & Manges
280K restructuring records stolen
2026 Data Breaches Year-to-Date (462 indexed)
Confluent
180K streaming platform records exposed
Capital One (2025)
3.2M credit card applicant records exposed via new cloud misconfiguration — second incident
LPL Financial
780K advisor and client records exposed
Discovery Health (South Africa)
560K medical records compromised
AGL Energy
450K customer records exposed in targeted attack
Equinor (Norway)
780K employee and operations records compromised
Generali Group
890K insurance records stolen in targeted attack
React Native Community CLI
React Native Community CLI OS Command Injection Vulnerability — React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the M
SmarterTools SmarterMail
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability — SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This co
Swiss Re (Insurance)
340K reinsurance policyholder records from global operations exposed in targeted attack
Indian Council of Medical Research
81M citizen health records from Aadhaar-linked database exposed via API vulnerability
Home Depot (2026)
3.2M customer records exposed via SaaS vendor breach affecting loyalty program data
GitLab Community and Enterprise Editions
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized exte
Toyota Motor (Global)
2.15M customer records from connected vehicle services exposed via misconfigured cloud database
Vibe-Coded Moltbook Exposes User Data,
Wiz Security claims Moltbook misconfiguration allowed full read and write access
ServiceNow
1.7M ITSM records from enterprise customers exposed via zero-day in Washington DC instance
Sangoma FreePBX
Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known
Sangoma FreePBX
Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services
SolarWinds Web Help Desk
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow a
DISA Global Solutions
3.3M employee records — background screening provider
View incident → Indexed 2 months, 1 week ago
Atrium Health (2026)
1.8M patient records exposed in supply chain attack
Horizon Health (New Brunswick)
290K patient records stolen
Block Inc (Square)
1.4M merchant records compromised in insider incident