Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1181
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

2026 Data Breaches Year-to-Date (1181 indexed)

high · tech · Jun 8, 2026

Check Point Security Gateway

Check Point Security Gateway Improper Authentication Vulnerability — Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacke

View incident → Original disclosure Indexed 3 weeks, 4 days ago
medium · other · Jun 8, 2026

SoFi

SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. [...]

View incident → Original disclosure Indexed 3 weeks, 4 days ago
medium · other · Jun 8, 2026

Meta AI Recovery Tool Flaw

A flaw in Meta’s AI-powered Instagram recovery tool exposed over 20,000 accounts, letting attackers reset passwords and take over profiles. Meta’s High Touch Support tool, known as HTS, was designed to help I

View incident → Original disclosure Indexed 3 weeks, 4 days ago
critical · healthcare · Jun 8, 2026

JP: Hokkaido hospitals data leak

NHK News reports: Japan’s National Hospital Organization says hard drives from two hospitals in Hokkaido were listed on auction sites, resulting in a leak of personal information from at least 180,000 patients and

View incident → Original disclosure Indexed 3 weeks, 4 days ago
high · tech · Jun 8, 2026

BerriAI LiteLLM

BerriAI LiteLLM Command Injection Vulnerability — BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrar

View incident → Original disclosure Indexed 3 weeks, 4 days ago
medium · education · Jun 8, 2026

Oxford University

The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. [...]

View incident → Original disclosure Indexed 3 weeks, 4 days ago
critical · finance · Jun 8, 2026

Why most enterprise security teams

Have you ever watched a military cyber ops team go to work responding to a cyberattack simulation? It’s like that scene from Die Hard 4.0 when all the screens start flashing red and systems start shutting down; however,

View incident → Original disclosure Indexed 3 weeks, 4 days ago
critical · other · Jun 7, 2026

DentaQuest Breach

ShinyHunters leaked 234 GB of data allegedly stolen from DentaQuest after failed negotiations, potentially impacting 2.6 million people. The ShinyHunters extortion group has published a 234 GB archive of data allegedly s

View incident → Original disclosure Indexed 3 weeks, 5 days ago
medium · other · Jun 7, 2026

Silent Ransom Group targets law

The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according t

View incident → Original disclosure Indexed 3 weeks, 5 days ago
high · tech · Jun 5, 2026

SolarWinds Serv-U

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability — SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: de