Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+

Records Exposed

645

Incidents

94+

Countries

+104%

Breach Velocity YoY

View Live Map → Run Free Exposure Scan RSS

Browse by sector

All breaches Healthcare Finance Government Technology Retail Education Legal

Browse by year

2026 Data Breaches Year-to-Date (645 indexed)

critical · healthcare · Feb 7, 2026

CVS Health / Aetna

3.4M patient pharmacy and insurance records exposed via compromised prescription gateway

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · tech · Feb 6, 2026

Substack

697K subscriber records exposed — email addresses, phone numbers, internal metadata

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · tech · Feb 6, 2026

Fortinet (Security Vendor)

440K customer records from FortiGate management portal exposed via zero-day authentication bypass

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · finance · Feb 6, 2026

BridgePay Network Solutions

Payment gateway ransomware attack causes widespread merchant and municipal outages

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · finance · Feb 6, 2026

Goldman Sachs (Contractor)

180K client portfolio records accessed by compromised contractor with elevated privileges

View incident → Original disclosure Indexed 2 months, 3 weeks ago

medium · other · Feb 6, 2026

Substack Confirms Data Breach, "Limited

Substack did not specify the number of users affected by the data breach

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · finance · Feb 5, 2026

LPL Financial

780K advisor and client records exposed

View incident → Original disclosure Indexed 2 months, 4 weeks ago

medium · tech · Feb 5, 2026

Confluent

180K streaming platform records exposed

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · healthcare · Feb 5, 2026

Discovery Health (South Africa)

560K medical records compromised

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · other · Feb 5, 2026

Nutrien (Saskatchewan)

670K agricultural customer records stolen

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · other · Feb 5, 2026

AGL Energy

450K customer records exposed in targeted attack

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · legal · Feb 5, 2026

Baker McKenzie

120K client records from 47 offices worldwide exposed via compromised email gateway

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · other · Feb 5, 2026

Equinor (Norway)

780K employee and operations records compromised

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · finance · Feb 5, 2026

Generali Group

890K insurance records stolen in targeted attack

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · tech · Feb 5, 2026

SmarterTools SmarterMail

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability — SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This co

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · tech · Feb 5, 2026

React Native Community CLI

React Native Community CLI OS Command Injection Vulnerability — React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the M

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · healthcare · Feb 5, 2026

Lonza Group (Switzerland)

280K pharmaceutical manufacturing records exposed

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · retail · Feb 5, 2026

Zara (Inditex)

890K customer records stolen

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · finance · Feb 5, 2026

Capital One (2025)

3.2M credit card applicant records exposed via new cloud misconfiguration — second incident

View incident → Original disclosure Indexed 2 months, 4 weeks ago

medium · tech · Feb 5, 2026

Kinaxis (Ottawa)

210K enterprise supply chain records exposed

View incident → Original disclosure Indexed 2 months, 4 weeks ago

medium · education · Feb 5, 2026

National Taiwan University

210K student records exposed

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · finance · Feb 5, 2026

Swiss Re (Insurance)

340K reinsurance policyholder records from global operations exposed in targeted attack

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · finance · Feb 5, 2026

Betterment

1,435,174 records exposed — Dates of birth, Device information, Email addresses, Employers and 5 more

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · legal · Feb 5, 2026

Allen & Overy

290K client records exposed in LockBit ransomware attack

View incident → Original disclosure Indexed 2 months, 4 weeks ago