Commonwealth Bank (Australia)
1.9M customer records from wealth management division exposed via partner API vulnerability
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
1.2M bank accounts potentially compromised in national registry breach
1.9M veteran health records exposed via compromised community care referral system
290K student and research records exposed via compromised research data portal
1.7M customer records exposed via compromised partner API in mobile services platform
480K frequent flyer records including passport numbers accessed via loyalty program vulnerability
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability — Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious a
2.4M patient records stolen from 65 hospitals in coordinated supply chain attack
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability — Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that l
Vite Vitejs Improper Access Control Vulnerability — Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposi
380K customer utility records and pipeline operations data exposed via compromised SCADA vendor
Versa Concerto Improper Authentication Vulnerability — Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing an attacker to ac
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craf
42K student records exposed via zero-day in student information system — grades and SSNs
860K merchant store records including revenue data exposed via compromised support tool
1.6M customer records from US and UK operations exposed via MOVEit successor vulnerability
2.3M patient records stolen from Australian private hospital operator
72,742,892 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 2 more
Cisco Unified Communications Products Code Injection Vulnerability — Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Comm
680K household survey response records exposed via misconfigured data sharing portal
8.7M customer records exposed via compromised customer portal at largest Korean telco
Business intelligence platform breached — ShinyHunters claimed responsibility
1.5M shipping manifests and customs records exposed via compromised logistics API
2.3M package tracking records and sender data exposed via compromised Informed Delivery API