Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1185
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

2026 Data Breaches Year-to-Date (1185 indexed)

medium · education · May 12, 2026

Homeland Security wants to know

Breaches involving school-related vendors such as PowerSchool and Instructure are causing major headaches for schools, students, and parents. They are also getting more attention from Congress. While some breaches have n

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · finance · May 12, 2026

US bank

Connor Jones reports: A US commercial bank just tattled on itself to the Securities and Exchange Commission (SEC) for plugging a bunch of customer data into an unauthorized AI application. Community Bank, which operates

View incident → Original disclosure Indexed 1 month, 3 weeks ago
critical · other · May 12, 2026

UK fines water supplier $1.3M

The Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · other · May 12, 2026

Foxconn

A spokesperson for the company confirmed the incident but declined to provide specifics on how many factories in North America were impacted. Foxconn has factories in Wisconsin, Ohio, Texas, Virginia, Indiana and several

View incident → Original disclosure Indexed 1 month, 3 weeks ago
high · healthcare · May 11, 2026

Thousands of DICOM servers

From the way-too-slow-learning-curve dept. Steve Alder reports: Healthcare organizations are exposing a vast amount of patient data by failing to implement even basic security measures for DICOM servers, according to a r

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · government · May 11, 2026

Korea’s child rights agency data

Jung Da-hyun reports: A recent data breach at the National Center for the Rights of the Child (NCRC), exposing sensitive personal records of adoptees, is drawing criticism from overseas adoptee groups and raising questio

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · education · May 11, 2026

Instructure

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. [...]

View incident → Original disclosure Indexed 1 month, 3 weeks ago
high · other · May 11, 2026

Canvas System Is Online After

Tens of thousands of students studying for final exams around the world have regained access to a key online learning system after a cyberattack had earlier knocked it offline. The post Canvas System Is Online After a Cy

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · other · May 11, 2026

Identity security firm SailPoint

SailPoint disclosed a GitHub repository breach on April 20. The company contained the incident and said no customer data was affected. SailPoint is a cybersecurity company that provides identity security and identity gov

View incident → Original disclosure Indexed 1 month, 3 weeks ago