Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1184
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

2026 Data Breaches Year-to-Date (1184 indexed)

medium · tech · Jun 2, 2026

Infected Red Hat npm packages

Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers from several cybersecurity outlets are warning of a new supp

high · tech · Jun 2, 2026

Linux Kernel

Linux Kernel Improper Authentication Vulnerability — Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

high · tech · Jun 2, 2026

Android Framework

Android Framework Integer Overflow Vulnerability — Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.

high · tech · Jun 1, 2026

Oracle WebLogic Server

Oracle WebLogic Server Unspecified Vulnerability — Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.

medium · retail · May 29, 2026

Lack of response to critical

A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues

medium · healthcare · May 29, 2026

California AG Bonta Sues Chrome

Jaimie Ding reports: Attorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March. 23andme is known for its direct-to-consumer DNA test kit

medium · other · May 29, 2026

In Other News

Noteworthy stories that might have slipped under the radar: Trump Mobile exposes customer data, phishers target the 2026 FIFA World Cup, CISA responds to recent supply chain attacks. The post In Other News: Trump Mobile

high · government · May 29, 2026

Thousands of Oregon prison files

Noelle Crombie reports on today’s reminder of the insider threat: A former Snake River Correctional Institution employee accessed tens of thousands of Oregon Department of Corrections files over a six-month period

critical · healthcare · May 29, 2026

GDPR set the tone for

Big tech firms continue to push back against fines levied for alleged violations of European data protection law, in what could be a harbinger for AI regulations to come. While lawyers and experts quizzed by CSO broad

high · tech · May 29, 2026

Palo Alto Networks PAN-OS

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability — Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorize

critical · tech · May 28, 2026

19.6 Billion Files Are Sitting

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies