Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+

Records Exposed

645

Incidents

94+

Countries

+104%

Breach Velocity YoY

View Live Map → Run Free Exposure Scan RSS

Browse by sector

All breaches Healthcare Finance Government Technology Retail Education Legal

Browse by year

2026 Data Breaches Year-to-Date (645 indexed)

critical · retail · Feb 5, 2026

Couche-Tard (Circle K Canada)

1.2M customer payment records exposed in POS breach

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · legal · Feb 5, 2026

Weil Gotshal & Manges

280K restructuring records stolen

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · healthcare · Feb 4, 2026

Indian Council of Medical Research

81M citizen health records from Aadhaar-linked database exposed via API vulnerability

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · retail · Feb 4, 2026

Home Depot (2026)

3.2M customer records exposed via SaaS vendor breach affecting loyalty program data

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · tech · Feb 3, 2026

ServiceNow

1.7M ITSM records from enterprise customers exposed via zero-day in Washington DC instance

View incident → Original disclosure Indexed 3 months ago

medium · tech · Feb 3, 2026

Vibe-Coded Moltbook Exposes User Data,

Wiz Security claims Moltbook misconfiguration allowed full read and write access

View incident → Original disclosure Indexed 3 months ago

high · tech · Feb 3, 2026

GitLab Community and Enterprise Editions

GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized exte

View incident → Original disclosure Indexed 3 months ago

high · tech · Feb 3, 2026

Sangoma FreePBX

Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known

View incident → Original disclosure Indexed 3 months ago

high · tech · Feb 3, 2026

Sangoma FreePBX

Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services

View incident → Original disclosure Indexed 3 months ago

high · tech · Feb 3, 2026

SolarWinds Web Help Desk

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow a

View incident → Original disclosure Indexed 3 months ago

critical · other · Feb 3, 2026

Toyota Motor (Global)

2.15M customer records from connected vehicle services exposed via misconfigured cloud database

View incident → Original disclosure Indexed 3 months ago

high · healthcare · Feb 1, 2026

Baptist Health (Florida)

340K patient records compromised

View incident → Original disclosure Indexed 3 months ago

critical · finance · Feb 1, 2026

Block Inc (Square)

1.4M merchant records compromised in insider incident

View incident → Original disclosure Indexed 3 months ago

critical · finance · Feb 1, 2026

Japan Post Holdings

1.5M postal banking records exposed

View incident → Original disclosure Indexed 3 months ago

critical · government · Feb 1, 2026

DISA Global Solutions

3.3M employee records — background screening provider

View incident → Indexed 3 months ago

high · government · Feb 1, 2026

City of Nashville

450K resident records compromised in vendor breach

View incident → Original disclosure Indexed 3 months ago

critical · tech · Feb 1, 2026

Infosys (India)

6.5M client records from BPO division exposed via compromised McCamish Systems subsidiary

View incident → Original disclosure Indexed 3 months ago

high · healthcare · Feb 1, 2026

Horizon Health (New Brunswick)

290K patient records stolen

View incident → Original disclosure Indexed 3 months ago

critical · healthcare · Feb 1, 2026

Atrium Health (2026)

1.8M patient records exposed in supply chain attack

View incident → Original disclosure Indexed 3 months ago

critical · retail · Jan 31, 2026

Panera Bread

5,112,502 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Original disclosure Indexed 3 months ago

critical · tech · Jan 31, 2026

Singtel (Singapore)

1.8M customer records exfiltrated from subsidiary Optus-linked systems via shared infrastructure

View incident → Original disclosure Indexed 3 months ago

critical · healthcare · Jan 30, 2026

Cigna Group

1.4M member pharmacy and benefits records accessed via compromised business associate

View incident → Original disclosure Indexed 3 months ago

high · other · Jan 30, 2026

Rio Tinto (Mining)

210K employee records and joint venture data compromised via compromised collaboration platform

View incident → Original disclosure Indexed 3 months ago

critical · government · Jan 29, 2026

Province of Ontario (ServiceOntario)

2.1M citizen records from drivers license and health card renewal system compromised

View incident → Original disclosure Indexed 3 months ago