Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1184
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

2026 Data Breaches Year-to-Date (1184 indexed)

medium · other · May 13, 2026

UK: Regulator fines water company

Maxine Brigue reports: The Information Commissioner’s Office (ICO) has fined utility company South Staffordshire Water £963,900 after a cyber attack that resulted in users’ personal information being extracted and publis

View incident → Original disclosure Indexed 1 month, 3 weeks ago
critical · other · May 13, 2026

Foxconn

Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. [...]

View incident → Original disclosure Indexed 1 month, 3 weeks ago
critical · government · May 13, 2026

NL: Dutch watchdog says healthcare

In August 2025, research agency Bevolkingsonderzoek Nederland revealed that half a million women who had undergone cervical cancer screening had their data stolen. The research agency paid Nova ransomware gang’s de

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · healthcare · May 13, 2026

OpenLoop Health

In January 2026, telehealth infrastructure firm OpenLoop Health suffered a security breach that exposed information of 716,000 people. OpenLoop Health confirmed a January 2026 cyberattack that exposed personal informatio

View incident → Original disclosure Indexed 1 month, 3 weeks ago
critical · other · May 12, 2026

UK fines water supplier $1.3M

The Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · tech · May 12, 2026

Mistral AI SDK, TanStack Router

The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the

View incident → Original disclosure Indexed 1 month, 3 weeks ago
critical · finance · May 12, 2026

West Pharmaceutical

West Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems.

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · other · May 12, 2026

Foxconn

A spokesperson for the company confirmed the incident but declined to provide specifics on how many factories in North America were impacted. Foxconn has factories in Wisconsin, Ohio, Texas, Virginia, Indiana and several

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · finance · May 12, 2026

US bank

Connor Jones reports: A US commercial bank just tattled on itself to the Securities and Exchange Commission (SEC) for plugging a bunch of customer data into an unauthorized AI application. Community Bank, which operates

View incident → Original disclosure Indexed 1 month, 3 weeks ago