2026 Data Breaches — Year-to-Date Disclosure Tracker

International law enforcement operation led by Europol targets network of teenagers and young adults involved in ransomware attacks, extortion and other crimes

View incident → Original disclosure Indexed 1 month, 2 weeks ago

high · finance · Feb 27, 2026

Intact Financial (Canada)

560K insurance policyholder records compromised via ransomware attack on claims system

View incident → Original disclosure Indexed 1 month, 2 weeks ago

high · tech · Feb 26, 2026

OVHcloud (France)

920K customer records and server configurations exposed via compromised management portal

View incident → Original disclosure Indexed 1 month, 2 weeks ago

critical · finance · Feb 26, 2026

Odido

6,077,025 records exposed — Bank account numbers, Customer service comments, Dates of birth, Driver's licenses and 7 more

View incident → Original disclosure Indexed 1 month, 2 weeks ago

critical · retail · Feb 25, 2026

Canadian Tire

1.1M customer loyalty records exposed in platform breach

View incident → Original disclosure Indexed 1 month, 2 weeks ago

high · tech · Feb 25, 2026

Cisco SD-WAN Path Traversal Vulnerability — Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands w

View incident → Original disclosure Indexed 1 month, 2 weeks ago

high · legal · Feb 25, 2026

VIQ Solutions (Court Transcripts)

Legal transcription vendor breach — sensitive court proceedings compromised via subcontractor

View incident → Original disclosure Indexed 1 month, 2 weeks ago

high · tech · Feb 25, 2026

Cisco Catalyst SD-WAN Controller and Manager

Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authenti

View incident → Original disclosure Indexed 1 month, 2 weeks ago

critical · government · Feb 25, 2026

State of California (DMV Vendor)

2.4M drivers license records exposed via compromised address verification contractor

View incident → Original disclosure Indexed 1 month, 2 weeks ago

critical · tech · Feb 24, 2026

Bell Canada (2026)

2.2M customer records exposed via compromised residential internet provisioning system

View incident → Original disclosure Indexed 1 month, 2 weeks ago

high · tech · Feb 24, 2026

Soliton Systems K.K FileZen

Soliton Systems K.K FileZen OS Command Injection Vulnerability — Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP

View incident → Original disclosure Indexed 1 month, 2 weeks ago

critical · other · Feb 23, 2026

Leading Semiconductor Supplier Advantest Hit

Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident

View incident → Original disclosure Indexed 1 month, 2 weeks ago

high · government · Feb 23, 2026

Raytheon Technologies

430K defense contractor employee records and clearance data compromised via vendor

View incident → Original disclosure Indexed 1 month, 2 weeks ago

critical · healthcare · Feb 23, 2026

University of Mississippi Medical Center

University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday

View incident → Original disclosure Indexed 1 month, 2 weeks ago

high · finance · Feb 22, 2026

PwC (Global)

380K audit client records exposed via compromised file transfer platform

View incident → Original disclosure Indexed 1 month, 3 weeks ago

high · finance · Feb 22, 2026

Sun Life Financial (Canada)

890K group benefits records compromised via ransomware at claims administrator

View incident → Original disclosure Indexed 1 month, 3 weeks ago

critical · tech · Feb 22, 2026

CarGurus

12,461,887 records exposed — Email addresses, IP addresses, Names, Phone numbers and 1 more

View incident → Original disclosure Indexed 1 month, 3 weeks ago

high · finance · Feb 21, 2026

Deloitte (Client Data)

240K audit client records from 12 countries exposed via compromised GlobalProtect VPN

View incident → Original disclosure Indexed 1 month, 3 weeks ago

high · government · Feb 20, 2026

VIQ Solutions (Canada)

Sensitive court transcripts compromised after Indian subcontractor breach — ignored warnings

View incident → Original disclosure Indexed 1 month, 3 weeks ago

high · tech · Feb 20, 2026

Roundcube Webmail

RoundCube Webmail Cross-site Scripting Vulnerability — RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.

View incident → Original disclosure Indexed 1 month, 3 weeks ago