Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+

Records Exposed

462

Incidents

94+

Countries

+104%

Breach Velocity YoY

View Live Map → Run Free Exposure Scan RSS

Browse by sector

All breaches Healthcare Finance Government Technology Retail Education Legal

Browse by year

2026 Data Breaches Year-to-Date (462 indexed)

high · tech · Jan 10, 2026

Instagram (Alleged Leak)

17.5M account records posted to BreachForums

View incident → Original disclosure Indexed 3 months ago

critical · finance · Jan 10, 2026

CIRO (Canadian Investment Regulatory Org)

750K Canadian investors exposed — SINs, income, account statements via phishing attack

View incident → Original disclosure Indexed 3 months ago

critical · government · Jan 9, 2026

Social Security Administration

3.6M beneficiary records exposed via compromised contractor with access to benefits system

View incident → Original disclosure Indexed 3 months ago

medium · tech · Jan 8, 2026

Linear (Project Management)

120K workspace records exposed via OAuth misconfiguration

View incident → Original disclosure Indexed 3 months ago

critical · other · Jan 8, 2026

Accenture (Client Data)

1.4M client consulting records from 23 countries exposed via LockBit affiliate intrusion

View incident → Original disclosure Indexed 3 months ago

critical · healthcare · Jan 8, 2026

MedStar Health (2026)

2.1M patient records compromised in ransomware incident

View incident → Original disclosure Indexed 3 months ago

critical · healthcare · Jan 8, 2026

Epic Systems (Vendor Incident)

2.1M patient records accessed via compromised third-party integration at EHR giant

View incident → Original disclosure Indexed 3 months ago

critical · healthcare · Jan 8, 2026

Cleveland Clinic

1.3M patient records exposed via zero-day in medical imaging PACS system

View incident → Original disclosure Indexed 3 months ago

high · tech · Jan 7, 2026

Hewlett Packard Enterprise (HPE) OneView

Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability — Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code ex

View incident → Original disclosure Indexed 3 months ago

high · tech · Jan 7, 2026

Microsoft Office

Microsoft Office PowerPoint Code Injection Vulnerability — Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineT

View incident → Original disclosure Indexed 3 months ago

high · other · Jan 7, 2026

SNC-Lavalin / AtkinsRealis (Canada)

190K employee and project records from Canadian engineering firm compromised

View incident → Original disclosure Indexed 3 months ago

high · education · Jan 6, 2026

WhiteDate

20,363 records exposed — Ages, Astrological signs, Bios, Device information and 18 more

View incident → Original disclosure Indexed 3 months, 1 week ago

high · other · Jan 6, 2026

Bombardier Aerospace

Engineering documents and employee data stolen via Accellion FTA exploit — posted on CL0P leak site

View incident → Original disclosure Indexed 3 months, 1 week ago

high · education · Jan 5, 2026

Chicago Public Schools (2026)

670K student records stolen in ransomware attack

View incident → Original disclosure Indexed 3 months, 1 week ago

high · tech · Jan 5, 2026

Bandai Namco (Japan)

340K gaming records exposed in ransomware

View incident → Original disclosure Indexed 3 months, 1 week ago

critical · healthcare · Jan 5, 2026

NHS England (GP Surgeries)

2.6M patient records from 150+ GP surgeries exposed via shared IT platform compromise

View incident → Original disclosure Indexed 3 months, 1 week ago

medium · other · Jan 5, 2026

ATCO Ltd (Alberta)

210K utility customer records compromised

View incident → Original disclosure Indexed 3 months, 1 week ago

medium · education · Jan 5, 2026

Rice University

180K student records stolen

View incident → Original disclosure Indexed 3 months, 1 week ago

high · healthcare · Jan 5, 2026

Copenhagen University Hospital

280K patient records stolen

View incident → Original disclosure Indexed 3 months, 1 week ago

high · finance · Jan 5, 2026

Banca Transilvania (Romania)

340K customer records stolen

View incident → Original disclosure Indexed 3 months, 1 week ago

high · finance · Jan 5, 2026

Bank Leumi (Israel)

560K customer records exposed in credential harvesting

View incident → Original disclosure Indexed 3 months, 1 week ago

high · retail · Jan 5, 2026

Falabella (Chile)

450K customer records stolen

View incident → Original disclosure Indexed 3 months, 1 week ago

high · other · Jan 5, 2026

ESB Networks (Ireland)

280K utility records compromised

View incident → Original disclosure Indexed 3 months, 1 week ago

critical · government · Jan 5, 2026

Illinois State Government

System failure exposed personal data of residents publicly for four years

View incident → Original disclosure Indexed 3 months, 1 week ago