Stripe Inc. (Merchant Data)
1.5M merchant processing records exposed via compromised internal dashboard access
2026 Data Breaches Year-to-Date (645 indexed)
Divine Skins
105,814 records exposed — Email addresses, Purchases, Usernames
Suncorp Group (Australia)
1.4M insurance policyholder records exposed via compromised claims processing system
Norton Rose Fulbright (Canada)
85K client records from Canadian offices exposed via supply chain compromise
LabCorp (Quest Integration)
820K patient lab results exposed via misconfigured API following Quest Diagnostics merger
Google Chromium V8
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
Toshiba (Japan)
430K employee and business partner records stolen in DarkAngels ransomware attack
Google Skia
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
Adobe Inc. (Creative Cloud)
1.8M Creative Cloud subscriber records exposed via compromised customer success platform
California State University System
2.3M student records from 23 campuses exposed via compromised PeopleSoft instance
n8n n8n
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability — n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for
National Australia Bank
1.3M customer records stolen via compromised third-party data analytics platform
TD Bank (Canada/US)
3.8M customer records exposed in cross-border data breach affecting Canadian and US operations
Sanofi (France)
1.2M clinical trial participant records exposed via compromised research data platform
Compromised WordPress Sites Deliver ClickFix
Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers
France
French small and medium businesses remained the organizations most targeted by ransomware in 2025
Palantir Technologies (Vendor)
Contractor laptop with cached Gotham deployment configs and access tokens compromised
Ericsson Breach Exposes Data of
Ericsson data breach affects 15k employees/customers after third-party service provider compromise
Aon plc (Insurance)
620K policyholder records from cyber insurance division exposed in targeted attack
ShinyHunters Targets Hundreds of Websites
Prolific ShinyHunters group claims to have stolen data from nearly 400 websites in Experience Cloud attacks
SolarWinds Web Help Desk
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on t
Ivanti Endpoint Manager (EPM)
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability — Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticat
SingHealth (Singapore 2026)
1.5M patient records from Singapore public healthcare system breached for second time
Loblaw Companies (Canada)
2.8M PC Optimum loyalty member records stolen including purchase history and contact data