Live disclosure tracker · updated continuously

Retail & E-Commerce Data Breaches

E-commerce platforms, point-of-sale systems, loyalty programs, and customer databases remain frequent targets for credential theft and card-skimming campaigns. Below is every retail-sector breach LeakTrace has indexed.

98B+

Records Exposed

594

Incidents

94+

Countries

+104%

Breach Velocity YoY

View Live Map → Run Free Exposure Scan RSS

Browse by sector

All breaches Healthcare Finance Government Technology Retail Education Legal

Browse by year

Retail & E-Commerce Data Breaches (594 indexed)

high · retail · Apr 4, 2026

Crunchyroll

1,195,684 records exposed — Email addresses

View incident → Original disclosure Indexed 1 week ago

high · retail · Mar 27, 2026

Wynn Resorts

800K employee records including SSNs and PII claimed by ShinyHunters

View incident → Indexed 2 weeks, 1 day ago

medium · retail · Mar 27, 2026

Starbucks

889 employee accounts compromised exposing SSNs, financial data via Partner Central

View incident → Indexed 2 weeks, 1 day ago

critical · retail · Mar 27, 2026

ManoMano (European DIY chain)

38M customer records including names, emails, phone numbers via third-party breach

View incident → Indexed 2 weeks, 1 day ago

critical · retail · Mar 27, 2026

Sears Home Services

3.7M chat logs and 1.4M audio files exposed containing PII from AI chatbot

View incident → Indexed 2 weeks, 1 day ago

high · retail · Mar 23, 2026

Lululemon Athletica

340K customer records from loyalty program and online orders exposed via web app vulnerability

View incident → Original disclosure Indexed 2 weeks, 5 days ago

critical · retail · Mar 9, 2026

Loblaw Companies (Canada)

2.8M PC Optimum loyalty member records stolen including purchase history and contact data

View incident → Original disclosure Indexed 1 month ago

critical · retail · Mar 6, 2026

Kroger Company

1.6M customer pharmacy and loyalty records exposed via FTP server misconfiguration

View incident → Original disclosure Indexed 1 month ago

critical · retail · Mar 5, 2026

Coles Group (Australia)

1.1M flybuys loyalty member records stolen via compromised marketing platform

View incident → Original disclosure Indexed 1 month ago

medium · retail · Mar 1, 2026

LVMH Group

210K luxury retail customer records exposed

View incident → Original disclosure Indexed 1 month, 1 week ago

critical · retail · Feb 25, 2026

Canadian Tire

1.1M customer loyalty records exposed in platform breach

View incident → Original disclosure Indexed 1 month, 2 weeks ago

medium · retail · Feb 20, 2026

CarMax

431,371 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Original disclosure Indexed 1 month, 3 weeks ago

high · retail · Feb 18, 2026

Adidas (Third-Party Breach)

815K customer records stolen from third-party licensing partner — second breach in a year

View incident → Original disclosure Indexed 1 month, 3 weeks ago

high · retail · Feb 17, 2026

Canada Goose

581,877 records exposed — Device information, Email addresses, IP addresses, Names and 4 more

View incident → Original disclosure Indexed 1 month, 3 weeks ago

high · retail · Feb 16, 2026

Metro Inc. (Canada)

740K customer records from Jean Coutu pharmacy division exposed in ransomware attack

View incident → Original disclosure Indexed 1 month, 3 weeks ago

high · retail · Feb 15, 2026

Nike Inc.

1.2M SNKRS app user records exposed — sneaker purchase history and payment data stolen

View incident → Original disclosure Indexed 1 month, 3 weeks ago

high · retail · Feb 13, 2026

Fake AI Assistants in Google

Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX

View incident → Original disclosure Indexed 1 month, 4 weeks ago

critical · retail · Feb 11, 2026

Walgreens Boots Alliance

2.1M pharmacy patient records exposed via compromised health services vendor

View incident → Original disclosure Indexed 2 months ago

high · retail · Feb 10, 2026

Weston Foods (George Weston)

340K employee and supply records exposed

View incident → Original disclosure Indexed 2 months ago

high · retail · Feb 5, 2026

Zara (Inditex)

890K customer records stolen

View incident → Original disclosure Indexed 2 months ago

critical · retail · Feb 5, 2026

Couche-Tard (Circle K Canada)

1.2M customer payment records exposed in POS breach

View incident → Original disclosure Indexed 2 months ago

critical · retail · Feb 4, 2026

Home Depot (2026)

3.2M customer records exposed via SaaS vendor breach affecting loyalty program data

View incident → Original disclosure Indexed 2 months, 1 week ago

critical · retail · Jan 31, 2026

Panera Bread

5,112,502 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Original disclosure Indexed 2 months, 1 week ago

high · retail · Jan 28, 2026

Target Corporation (2026)

890K customer credit applications and RedCard data exposed via compromised credit processor

View incident → Original disclosure Indexed 2 months, 2 weeks ago