2026 Data Breaches — Year-to-Date Disclosure Tracker

2026 Data Breaches Year-to-Date (462 indexed)

critical · retail · Jan 19, 2026

Raaga

10,225,145 records exposed — Ages, Dates of birth, Email addresses, Genders and 3 more

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · other · Jan 19, 2026

Magna International (Canada)

180K employee records from automotive parts manufacturer exposed via phishing attack

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · finance · Jan 19, 2026

Morgan Stanley (Cloud)

680K wealth management client records exposed via misconfigured cloud storage bucket

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · tech · Jan 18, 2026

Fujitsu (Japan)

1.2M customer records from government IT contracts exposed via compromised ProjectWEB portal

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · government · Jan 18, 2026

Pass'Sport

6,366,133 records exposed — Email addresses, Genders, Names, Phone numbers and 1 more

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · tech · Jan 18, 2026

Salesforce (Data Cloud)

3.4M CRM records from multiple tenants exposed via privilege escalation in Data Cloud module

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · other · Jan 17, 2026

InterContinental Hotels (IHG)

1.3M guest reservation records including passport and payment data compromised

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · finance · Jan 16, 2026

Visa Inc. (Token Service)

1.1M tokenized card records exposed via vulnerability in token provisioning service

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · tech · Jan 16, 2026

Optus (Australia 2026)

2.8M customer records stolen via API vulnerability in self-service portal

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · education · Jan 15, 2026

Harvard University

520K alumni and donor records exposed via compromised advancement office database

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · finance · Jan 15, 2026

Ally Financial (Auto Lending)

1.1M auto loan records exposed via compromised dealer management system integration

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · tech · Jan 15, 2026

Match Group (Hinge / OkCupid)

10M+ dating records stolen by ShinyHunters via Okta SSO social engineering

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · tech · Jan 15, 2026

Zscaler Cloud Security

150K enterprise zero-trust configurations exposed — test environment breach spread to prod

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · government · Jan 15, 2026

Conduent (Government Contracts)

4.3M individuals affected via Fortune 500 contractor — multiple state governments impacted

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · retail · Jan 15, 2026

Alimentation Couche-Tard (Canada)

620K Circle K loyalty customer records stolen from Canadian convenience store operator

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · finance · Jan 14, 2026

JPMorgan Chase (Vendor)

4.7M customer records exposed via compromised third-party payment processing vendor

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · tech · Jan 14, 2026

Amazon Web Services (Customer Data)

2.8M customer billing records and account metadata exposed via misconfigured internal tool

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · finance · Jan 14, 2026

Rogers Bank (Canada)

320K credit card applicant records exposed via compromised underwriting platform

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · retail · Jan 13, 2026

Costco Wholesale

1.9M customer records stolen from payment processing system via skimming malware at warehouses

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · tech · Jan 13, 2026

Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · healthcare · Jan 13, 2026

Telus Health (Canada)

1.8M employee benefits records from Canadian health benefits platform compromised

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · government · Jan 12, 2026

New Zealand Ministry of Health

890K patient vaccination records exposed via misconfigured COVID-era data sharing portal

View incident → Original disclosure Indexed 3 months ago

high · tech · Jan 12, 2026

Gogs Gogs

Gogs Path Traversal Vulnerability — Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.

View incident → Original disclosure Indexed 3 months ago

critical · legal · Jan 12, 2026

Kirkland & Ellis LLP

Client M&A deal documents and litigation files exposed via compromised document management system

View incident → Original disclosure Indexed 3 months ago