2026 Data Breaches — Year-to-Date Disclosure Tracker

2026 Data Breaches Year-to-Date (645 indexed)

critical · finance · Jan 15, 2026

Ally Financial (Auto Lending)

1.1M auto loan records exposed via compromised dealer management system integration

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 15, 2026

Zscaler Cloud Security

150K enterprise zero-trust configurations exposed — test environment breach spread to prod

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · retail · Jan 15, 2026

Alimentation Couche-Tard (Canada)

620K Circle K loyalty customer records stolen from Canadian convenience store operator

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · education · Jan 15, 2026

Harvard University

520K alumni and donor records exposed via compromised advancement office database

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · government · Jan 15, 2026

Conduent (Government Contracts)

4.3M individuals affected via Fortune 500 contractor — multiple state governments impacted

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 15, 2026

Match Group (Hinge / OkCupid)

10M+ dating records stolen by ShinyHunters via Okta SSO social engineering

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · finance · Jan 14, 2026

Rogers Bank (Canada)

320K credit card applicant records exposed via compromised underwriting platform

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 14, 2026

Amazon Web Services (Customer Data)

2.8M customer billing records and account metadata exposed via misconfigured internal tool

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · finance · Jan 14, 2026

JPMorgan Chase (Vendor)

4.7M customer records exposed via compromised third-party payment processing vendor

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · tech · Jan 13, 2026

Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · retail · Jan 13, 2026

Costco Wholesale

1.9M customer records stolen from payment processing system via skimming malware at warehouses

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · healthcare · Jan 13, 2026

Telus Health (Canada)

1.8M employee benefits records from Canadian health benefits platform compromised

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · government · Jan 12, 2026

New Zealand Ministry of Health

890K patient vaccination records exposed via misconfigured COVID-era data sharing portal

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · tech · Jan 12, 2026

Gogs Gogs

Gogs Path Traversal Vulnerability — Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · legal · Jan 12, 2026