Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
747
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 2026 Index

2026 Data Breaches Year-to-Date (747 indexed)

high · tech · May 8, 2026

BerriAI LiteLLM

BerriAI LiteLLM SQL Injection Vulnerability — BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized acces

medium · tech · May 7, 2026

Woflow

447,593 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Indexed 2 months ago
high · tech · May 6, 2026

Palo Alto Networks PAN-OS

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability — Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an un

medium · other · May 5, 2026

ISACA report

ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use

View incident → Original disclosure Indexed 2 months, 1 week ago
high · finance · May 2, 2026

ZenBusiness

5,118,184 records exposed — Email addresses, Names, Phone numbers

View incident → Indexed 2 months, 1 week ago
high · tech · May 1, 2026

Linux Kernel

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability — Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

View incident → Original disclosure Indexed 2 months, 1 week ago
medium · retail · May 1, 2026

Aman

215,563 records exposed — Dates of birth, Email addresses, Genders, Language preferences and 6 more

View incident → Indexed 2 months, 1 week ago
high · tech · Apr 28, 2026

Microsoft Windows

Microsoft Windows Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.

View incident → Original disclosure Indexed 2 months, 2 weeks ago
critical · tech · Apr 28, 2026

ConnectWise ScreenConnect

ConnectWise ScreenConnect Path Traversal Vulnerability — ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and cri

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 27, 2026

Pitney Bowes

8,243,989 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more

View incident → Indexed 2 months, 2 weeks ago
high · government · Apr 27, 2026

ADT

5,488,888 records exposed — Dates of birth, Email addresses, Names, Partial government issued IDs and 2 more

View incident → Indexed 2 months, 2 weeks ago
high · finance · Apr 26, 2026

Udemy

1,401,259 records exposed — Email addresses, Employers, Job titles, Names and 3 more

View incident → Indexed 2 months, 2 weeks ago
critical · tech · Apr 24, 2026

SimpleHelp SimpleHelp

SimpleHelp Path Traversal Vulnerability — SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip).

View incident → Original disclosure Indexed 2 months, 2 weeks ago
critical · tech · Apr 24, 2026

SimpleHelp SimpleHelp

SimpleHelp Missing Authorization Vulnerability — SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 24, 2026

Samsung MagicINFO 9 Server

Samsung MagicINFO 9 Server Path Traversal Vulnerability — Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 24, 2026

D-Link DIR-823X

D-Link DIR-823X Command Injection Vulnerability — D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to

View incident → Original disclosure Indexed 2 months, 2 weeks ago