Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1176
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

2026 Data Breaches Year-to-Date (1176 indexed)

medium · other · Jun 25, 2026

Cal Water Finds No Evidence

Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala. The post Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Su

View incident → Original disclosure Indexed 1 week, 1 day ago
medium · finance · Jun 25, 2026

Rethinking the balance between AI

The new CIO mandate is clear: facilitate AI adoption across the enterprise at speed. According to CIO.com’s State of the CIO survey, CEOs’ top priority for their IT executives is to capitalize on AI. From researching

View incident → Original disclosure Indexed 1 week, 1 day ago
critical · government · Jun 25, 2026

GRC is broken. FedRAMP 20x

We are auditing a curated version of history. I’ve worked in security long enough now to know something most of us don’t really say out loud. A lot of compliance is theatre. Not all of it, and not all auditors or fram

View incident → Original disclosure Indexed 1 week, 1 day ago
high · tech · Jun 25, 2026

PTC Windchill and FlexPLM

PTC Windchill and FlexPLM Improper Input Validation Vulnerability — PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by

View incident → Original disclosure Indexed 1 week, 1 day ago
high · tech · Jun 25, 2026

PTC Windchill and FlexPLM

PTC Windchill and FlexPLM Improper Input Validation Vulnerability — PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by

View incident → Original disclosure Indexed 1 week, 1 day ago
medium · other · Jun 24, 2026

LastPass

Password manager LastPass is still dealing with the settlement from its 2022 data breach (see Related Posts, below, for background on that), but now it has another breach to disclose. Zack Whittaker reports: Password man

View incident → Original disclosure Indexed 1 week, 2 days ago
medium · other · Jun 24, 2026

How Hackers Broke into Madison

Joseph Cox reports: The hackers that stole a large cache of data from Madison Square Garden called a low level employee and tricked them into letting the hackers into MSG’s systems, according to the hackers and 404 Media

View incident → Original disclosure Indexed 1 week, 2 days ago
medium · other · Jun 24, 2026

Tata Electronics

Bill Toulas reports: Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations cont

View incident → Original disclosure Indexed 1 week, 2 days ago
medium · other · Jun 24, 2026

Tata Electronics

Bill Toulas reports: Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations cont

View incident → Original disclosure Indexed 1 week, 2 days ago
medium · other · Jun 24, 2026

How Hackers Broke into Madison

Joseph Cox reports: The hackers that stole a large cache of data from Madison Square Garden called a low level employee and tricked them into letting the hackers into MSG’s systems, according to the hackers and 404 Media

View incident → Original disclosure Indexed 1 week, 2 days ago
medium · other · Jun 24, 2026

LastPass

Password manager LastPass is still dealing with the settlement from its 2022 data breach (see Related Posts, below, for background on that), but now it has another breach to disclose. Zack Whittaker reports: Password man

View incident → Original disclosure Indexed 1 week, 2 days ago
medium · tech · Jun 24, 2026

How a malicious AI agent

A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts

View incident → Original disclosure Indexed 1 week, 2 days ago