Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
747
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 2026 Index

2026 Data Breaches Year-to-Date (747 indexed)

medium · tech · Apr 8, 2026

My Lovely AI

106,271 records exposed — Email addresses, Social media profiles

View incident → Indexed 3 months ago
high · tech · Apr 6, 2026

Fortinet FortiClient EMS

Fortinet FortiClient EMS Improper Access Control Vulnerability — Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or comma

high · tech · Apr 4, 2026

SongTrivia2

291,739 records exposed — Auth tokens, Avatars, Email addresses, Names and 2 more

View incident → Indexed 3 months, 1 week ago
high · tech · Apr 2, 2026

TrueConf Client

TrueConf Client Download of Code Without Integrity Check Vulnerability — TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path ca

View incident → Original disclosure Indexed 3 months, 1 week ago
high · tech · Apr 1, 2026

Google Dawn

Google Dawn Use-After-Free Vulnerability — Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML pag

View incident → Original disclosure Indexed 3 months, 1 week ago
medium · government · Mar 31, 2026

Cuties AI

144,250 records exposed — Avatars, Display names, Email addresses

View incident → Indexed 3 months, 1 week ago
high · tech · Mar 30, 2026

Citrix NetScaler

Citrix NetScaler Out-of-Bounds Read Vulnerability — Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability wh

View incident → Original disclosure Indexed 3 months, 1 week ago
high · tech · Mar 27, 2026

F5 BIG-IP

F5 BIG-IP Stack-Based Buffer Overflow Vulnerability — F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.

View incident → Original disclosure Indexed 3 months, 2 weeks ago
high · tech · Mar 26, 2026

Scuf Gaming

128,683 records exposed — Display names, Email addresses, IP addresses, Passwords and 1 more

View incident → Indexed 3 months, 2 weeks ago
high · tech · Mar 26, 2026

Aquasecurity Trivy

Aquasecurity Trivy Embedded Malicious Code Vulnerability — Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, includin

View incident → Original disclosure Indexed 3 months, 2 weeks ago
high · tech · Mar 25, 2026

Langflow Langflow

Langflow Code Injection Vulnerability — Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.

View incident → Original disclosure Indexed 3 months, 2 weeks ago
high · tech · Mar 23, 2026

RuneScape Boards

222,762 records exposed — Email addresses, IP addresses, Passwords, Usernames

View incident → Indexed 3 months, 2 weeks ago
high · tech · Mar 20, 2026

Apple Multiple Products

Apple Multiple Products Buffer Overflow Vulnerability — Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web con

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · tech · Mar 20, 2026

Laravel Livewire

Laravel Livewire Code Injection Vulnerability — Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · tech · Mar 20, 2026

Apple Multiple Products

Apple Multiple Products Improper Locking Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected change

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · tech · Mar 20, 2026

Apple Multiple Products

Apple Multiple Products Classic Buffer Overflow Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause une

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · finance · Mar 18, 2026

Aura

903,080 records exposed — Customer service records, Email addresses, IP addresses, Names and 2 more

View incident → Original disclosure Indexed 3 months, 3 weeks ago