Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+

Records Exposed

645

Incidents

94+

Countries

+104%

Breach Velocity YoY

View Live Map → Run Free Exposure Scan RSS

Browse by sector

All breaches Healthcare Finance Government Technology Retail Education Legal

Browse by year

2026 Data Breaches Year-to-Date (645 indexed)

high · tech · Feb 10, 2026

Microsoft Windows

Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability — Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feat

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · tech · Feb 10, 2026

Microsoft Windows

Microsoft Windows NULL Pointer Dereference Vulnerability — Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · tech · Feb 10, 2026

Microsoft Windows

Microsoft Windows Shell Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature ov

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · tech · Feb 10, 2026

Microsoft Windows

Microsoft Windows Improper Privilege Management Vulnerability — Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privile

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · tech · Feb 10, 2026

Microsoft Windows

Microsoft Windows Type Confusion Vulnerability — Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · tech · Feb 10, 2026

Microsoft Office

Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability — Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · other · Feb 10, 2026

Rio Tinto (2026)

670K mining operational records exposed in targeted espionage

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · tech · Feb 10, 2026

Deutsche Telekom (Germany)

3.1M customer records accessed via compromised customer service platform

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · finance · Feb 10, 2026

Banco de Chile

450K customer records exposed in credential harvesting

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · healthcare · Feb 10, 2026

Oman Ministry of Health

280K patient records exposed

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · government · Feb 10, 2026

SaskPower (Canada)

340K customer utility records exposed via compromised billing system vendor

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · retail · Feb 10, 2026

Weston Foods (George Weston)

340K employee and supply records exposed

View incident → Original disclosure Indexed 2 months, 3 weeks ago

medium · legal · Feb 10, 2026

Gowling WLG

210K client records compromised via vendor

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · finance · Feb 9, 2026

Robinhood Markets (2026)

2.8M customer trading records and SSNs exposed via social engineering attack on support staff

View incident → Original disclosure Indexed 2 months, 3 weeks ago

medium · other · Feb 9, 2026

Researchers Find 40,000+ Exposed OpenClaw

SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · other · Feb 9, 2026

Emirates Airlines

640K Skywards member records including travel history and contact data compromised

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · tech · Feb 9, 2026

BridgePay Confirms Ransomware Attack, No

The services of Florida-based payments platform BridgePay are offline due to a ransomware attack

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · government · Feb 9, 2026

Thales Group (France)

340K defense and aerospace employee records exposed via LockBit 3.0 ransomware

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · healthcare · Feb 8, 2026

Baystate Health

440K patient records exposed in spear-phishing attack on Massachusetts health system

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · government · Feb 8, 2026

ATO Australia (Tax)

1.1M taxpayer records exposed via zero-day in myGov authentication system

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · tech · Feb 8, 2026

ServiceNow ITSM Platform

620K enterprise workflow configurations exposed via compromised instance admin accounts

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · other · Feb 8, 2026

Instacart Grocery Delivery

680K shopper and customer records exposed via third-party payment processor compromise

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · other · Feb 8, 2026

Cathay Pacific Airways

9.4M passenger records re-exposed as 2018 breach data reappears on new dark web marketplace

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · education · Feb 7, 2026

University of Toronto

380K student and staff records compromised in targeted phishing campaign

View incident → Original disclosure Indexed 2 months, 3 weeks ago