Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
747
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 2026 Index

2026 Data Breaches Year-to-Date (747 indexed)

high · tech · Apr 23, 2026

Marimo Marimo

Marimo Remote Code Execution Vulnerability — Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.

View incident → Original disclosure Indexed 2 months, 2 weeks ago
critical · tech · Apr 22, 2026

Microsoft Defender

Microsoft Defender Insufficient Granularity of Access Control Vulnerability — Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate pr

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 20, 2026

Cisco Catalyst SD-WAN Manger

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability — Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface o

View incident → Original disclosure Indexed 2 months, 3 weeks ago
critical · tech · Apr 20, 2026

JetBrains TeamCity

JetBrains TeamCity Relative Path Traversal Vulnerability — JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed. — (Known ransomware-campaign exploita

View incident → Original disclosure Indexed 2 months, 3 weeks ago
high · tech · Apr 20, 2026

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability — Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local

View incident → Original disclosure Indexed 2 months, 3 weeks ago
high · tech · Apr 20, 2026

Kentico Kentico Xperience

Kentico Xperience Path Traversal Vulnerability — Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.

View incident → Original disclosure Indexed 2 months, 3 weeks ago
critical · tech · Apr 20, 2026

PaperCut NG/MF

PaperCut NG/MF Improper Authentication Vulnerability — PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the Securit

View incident → Original disclosure Indexed 2 months, 3 weeks ago
high · tech · Apr 20, 2026

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability — Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability

View incident → Original disclosure Indexed 2 months, 3 weeks ago
high · retail · Apr 17, 2026

Amtrak

2,147,679 records exposed — Email addresses, Names, Physical addresses, Support tickets

View incident → Indexed 2 months, 3 weeks ago
high · tech · Apr 16, 2026

Apache ActiveMQ

Apache ActiveMQ Improper Input Validation Vulnerability — Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.

View incident → Original disclosure Indexed 2 months, 3 weeks ago
critical · education · Apr 16, 2026

McGraw Hill

13,500,136 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Indexed 2 months, 3 weeks ago
high · tech · Apr 14, 2026

Microsoft SharePoint Server

Microsoft SharePoint Server Improper Input Validation Vulnerability — Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a networ

View incident → Original disclosure Indexed 2 months, 4 weeks ago
high · tech · Apr 14, 2026

Microsoft Office

Microsoft Office Remote Code Execution — Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially craft

View incident → Original disclosure Indexed 2 months, 4 weeks ago
critical · tech · Apr 13, 2026

Microsoft Exchange Server

Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability — Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution. —

View incident → Original disclosure Indexed 2 months, 4 weeks ago
high · tech · Apr 13, 2026

Microsoft Windows

Microsoft Windows Out-of-Bounds Read Vulnerability — Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation

View incident → Original disclosure Indexed 2 months, 4 weeks ago
high · tech · Apr 13, 2026

Fortinet FortiClient EMS

Fortinet FortiClient EMS SQL Injection Vulnerability — Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically

View incident → Original disclosure Indexed 2 months, 4 weeks ago
high · retail · Apr 12, 2026

Hallmark

1,736,520 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 1 more

View incident → Indexed 3 months ago