Live disclosure tracker · updated continuously

Recent Data Breach Disclosures

Every confirmed data breach we've indexed across 25803+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.

98B+
Records Exposed
25803
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 2026 Index

Latest Disclosures

high · tech · Jun 23, 2026

Lantronix EDS5000

Lantronix EDS5000 Code Injection Vulnerability — Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are exe

View incident → Original disclosure Indexed 2 weeks, 5 days ago
medium · education · Jun 20, 2026

JCPenney

368,418 records exposed — Dates of birth, Email addresses, Government issued IDs, Job titles and 4 more

View incident → Indexed 3 weeks, 1 day ago
high · tech · Jun 18, 2026

Splunk Enterprise

Splunk Enterprise Missing Authentication for Critical Function Vulnerability — Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create o

View incident → Original disclosure Indexed 3 weeks, 3 days ago
medium · finance · Jun 18, 2026

CFGI

248,235 records exposed — Email addresses, Employers, Job titles, Names and 2 more

View incident → Indexed 3 weeks, 3 days ago
medium · retail · Jun 18, 2026

Ralph Lauren

139,903 records exposed — Age groups, Email addresses, Genders, Names and 1 more

View incident → Indexed 3 weeks, 3 days ago
high · tech · Jun 15, 2026

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability — Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a

View incident → Original disclosure Indexed 3 weeks, 6 days ago
high · tech · Jun 15, 2026

LiteSpeed cPanel Plugin

LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability — LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access

View incident → Original disclosure Indexed 3 weeks, 6 days ago
medium · education · Jun 15, 2026

Infinite Campus

137,123 records exposed — Email addresses, Employers, Job titles, Names and 4 more

View incident → Indexed 3 weeks, 6 days ago
medium · government · Jun 15, 2026

Berkadia

305,216 records exposed — Email addresses, Employers, Names, Phone numbers and 1 more

View incident → Indexed 3 weeks, 6 days ago
high · tech · Jun 11, 2026

Ivanti Sentry

Ivanti Sentry OS Command Injection Vulnerability — Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level

high · finance · Jun 10, 2026

University of Nottingham

454,635 records exposed — Academic records, Citizenship statuses, Dates of birth, Disabilities and 11 more

View incident → Indexed 1 month ago
high · tech · Jun 9, 2026

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability — Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerab

high · tech · Jun 9, 2026

Google Chromium V8

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability — Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HT

critical · tech · Jun 8, 2026

Check Point Security Gateway

Check Point Security Gateway Improper Authentication Vulnerability — Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacke

high · tech · Jun 8, 2026

BerriAI LiteLLM

BerriAI LiteLLM Command Injection Vulnerability — BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrar

medium · retail · Jun 7, 2026

Baker Distributing

102,935 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 1 more

View incident → Indexed 1 month ago
high · tech · Jun 5, 2026

SolarWinds Serv-U

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability — SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: de

View incident → Original disclosure Indexed 1 month, 1 week ago
medium · retail · Jun 5, 2026

BCD Travel

396,313 records exposed — Email addresses, Employers, Job titles, Names and 3 more

View incident → Indexed 1 month, 1 week ago