Retail & E-Commerce Data Breaches — Customer & Payment Compromises

Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · retail · Feb 11, 2026

Walgreens Boots Alliance

2.1M pharmacy patient records exposed via compromised health services vendor

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · retail · Feb 10, 2026

Weston Foods (George Weston)

340K employee and supply records exposed

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · retail · Feb 5, 2026

Zara (Inditex)

890K customer records stolen

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · retail · Feb 5, 2026

Couche-Tard (Circle K Canada)

1.2M customer payment records exposed in POS breach

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · retail · Feb 4, 2026

Home Depot (2026)

3.2M customer records exposed via SaaS vendor breach affecting loyalty program data

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · retail · Jan 31, 2026

Panera Bread

5,112,502 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · retail · Jan 28, 2026

Woolworths Group (Australia)

860K Everyday Rewards member records exposed via supply chain software vulnerability

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · retail · Jan 28, 2026

Target Corporation (2026)

890K customer credit applications and RedCard data exposed via compromised credit processor

View incident → Original disclosure Indexed 3 months, 4 weeks ago

critical · retail · Jan 19, 2026

Raaga

10,225,145 records exposed — Ages, Dates of birth, Email addresses, Genders and 3 more

View incident → Original disclosure Indexed 4 months, 1 week ago

high · retail · Jan 15, 2026

Alimentation Couche-Tard (Canada)

620K Circle K loyalty customer records stolen from Canadian convenience store operator

View incident → Original disclosure Indexed 4 months, 1 week ago

critical · retail · Jan 13, 2026

Costco Wholesale

1.9M customer records stolen from payment processing system via skimming malware at warehouses

View incident → Original disclosure Indexed 4 months, 2 weeks ago

high · retail · Jan 10, 2026

Starbucks Corporation

950K rewards member records exposed via API vulnerability in mobile order-ahead system

View incident → Original disclosure Indexed 4 months, 2 weeks ago

high · retail · Jan 10, 2026

MEC (Mountain Equipment)

450K member records compromised

View incident → Original disclosure Indexed 4 months, 2 weeks ago

medium · retail · Jan 5, 2026

Sleep Country Canada

190K customer records compromised

View incident → Original disclosure Indexed 4 months, 3 weeks ago