2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability — Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code ex
Microsoft Office PowerPoint Code Injection Vulnerability — Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineT
Engineering documents and employee data stolen via Accellion FTA exploit — posted on CL0P leak site
20,363 records exposed — Ages, Astrological signs, Bios, Device information and 18 more
670K clinical records compromised
210K utility customer records compromised
340K customer records stolen
280K utility records compromised
180K student records stolen
560K customer records exposed in credential harvesting
670K student records stolen in ransomware attack
2.6M patient records from 150+ GP surgeries exposed via shared IT platform compromise
190K customer records compromised
System failure exposed personal data of residents publicly for four years
450K customer records stolen
280K patient records stolen
450K policyholder records compromised
Excessive internal access resulted in unauthorized personal data exposure
340K gaming records exposed in ransomware
Fortune 500 operational data — multiple state governments affected