Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1185
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

2026 Data Breaches Year-to-Date (1185 indexed)

medium · tech · Apr 22, 2026

BlueLeaks 2.0

Overview and Background This is the first of what will likely be several updates to this site’s exclusive reporting on the “BlueLeaks 2.0” incident that exposed anonymous and sensitive tips by and about

View incident → Original disclosure Indexed 2 months, 1 week ago
medium · other · Apr 21, 2026

No Exploit Needed

The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still ha

View incident → Original disclosure Indexed 2 months, 2 weeks ago
critical · government · Apr 21, 2026

French govt agency

France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data. [...]

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 20, 2026

JetBrains TeamCity

JetBrains TeamCity Relative Path Traversal Vulnerability — JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 20, 2026

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability — Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 20, 2026

PaperCut NG/MF

PaperCut NG/MF Improper Authentication Vulnerability — PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the Securit

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 20, 2026

Kentico Kentico Xperience

Kentico Xperience Path Traversal Vulnerability — Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 20, 2026

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability — Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 20, 2026

Cisco Catalyst SD-WAN Manger

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability — Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface o

View incident → Original disclosure Indexed 2 months, 2 weeks ago
medium · tech · Apr 20, 2026

France’s ANTS ID System website

A cyberattack hit France’s ANTS website, possibly exposing personal data from users applying for IDs, passports, and driver’s licenses. A cyberattack targeted France’s ANTS platform, which handles applications for passpo

View incident → Original disclosure Indexed 2 months, 2 weeks ago