Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
747
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 2026 Index

2026 Data Breaches Year-to-Date (747 indexed)

critical · tech · Jul 8, 2026

Telco giant KDDI

Japanese telecommunications giant KDDI says that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country

high · tech · Jul 7, 2026

JoomShaper SP Page Builder

JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability — JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated

medium · other · Jul 7, 2026

Accenture

IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. [...]

medium · government · Jul 7, 2026

Chase Jordan

Chase Jordan reports an update in the litigation stemming from a 2024 breach by Hunters International. This case has raised a number of issues about standing and negligence and has been up and down in the courts, with pl

high · tech · Jul 7, 2026

Joomlack Page Builder

Joomlack Page Builder Improper Access Control Vulnerability — Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.

high · tech · Jul 7, 2026

Adobe ColdFusion

Adobe ColdFusion Path Traversal Vulnerability — Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.

medium · healthcare · Jul 7, 2026

KIRO7

KIRO7 reports: The Washington Department of Social and Health Services (DSHS) is issuing a notice of a massive data breach that happened in March, potentially compromising the personal data of around 8,600 people. An int

high · tech · Jul 7, 2026

Langflow Langflow

Langflow Authorization Bypass Through User-Controlled Key Vulnerability — Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow bel

critical · other · Jul 6, 2026

JadePuffer

An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.