Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1176
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

2026 Data Breaches Year-to-Date (1176 indexed)

medium · tech · Jun 24, 2026

How a malicious AI agent

A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts

View incident → Original disclosure Indexed 1 week, 2 days ago
medium · other · Jun 24, 2026

LastPass

Password manager LastPass is still dealing with the settlement from its 2022 data breach (see Related Posts, below, for background on that), but now it has another breach to disclose. Zack Whittaker reports: Password man

View incident → Original disclosure Indexed 1 week, 2 days ago
medium · other · Jun 24, 2026

Tata Electronics

Bill Toulas reports: Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations cont

View incident → Original disclosure Indexed 1 week, 2 days ago
medium · other · Jun 23, 2026

LastPass

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]

View incident → Original disclosure Indexed 1 week, 3 days ago
high · finance · Jun 23, 2026

Change your cyber risk strategy

CSOs must re-write their cyber risk strategies because threat actors are increasing using AI to evade defenses, says a group of national cybersecurity agencies – a call that one expert immediately complained is too vague

View incident → Original disclosure Indexed 1 week, 3 days ago
high · tech · Jun 23, 2026

Ubiquiti UniFi OS

Ubiquiti UniFi OS Path Traversal Vulnerability — Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that coul

View incident → Original disclosure Indexed 1 week, 3 days ago
high · tech · Jun 23, 2026

Ubiquiti UniFi OS

Ubiquiti UniFi OS Improper Access Control Vulnerability — Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to

View incident → Original disclosure Indexed 1 week, 3 days ago
high · tech · Jun 23, 2026

Lantronix EDS5000

Lantronix EDS5000 Code Injection Vulnerability — Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are exe

View incident → Original disclosure Indexed 1 week, 3 days ago
critical · healthcare · Jun 23, 2026

Xsolis Data Breach Impacts 1.4

Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients’ systems. Healthcare tech company Xsolis, Inc. has disclosed a data breach impacting near

View incident → Original disclosure Indexed 1 week, 3 days ago
high · tech · Jun 23, 2026

Ubiquiti UniFi OS

Ubiquiti UniFi OS Improper Input Validation Vulnerability — Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injectio

View incident → Original disclosure Indexed 1 week, 3 days ago
critical · other · Jun 23, 2026

Healthtech firm Xolis

Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. [...]

View incident → Original disclosure Indexed 1 week, 3 days ago
medium · other · Jun 23, 2026

Tata Electronics

Indian manufacturer Tata Electronics said a recent cybersecurity incident had "no impact" on operations. A cybercrime group had said it stolen confidential documents from the company.

View incident → Original disclosure Indexed 1 week, 3 days ago
critical · tech · Jun 23, 2026

DifyTap

Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilities in Dify, the open-sour

View incident → Original disclosure Indexed 1 week, 3 days ago
medium · other · Jun 23, 2026

Klue

Customer data from several prominent cybersecurity firms was among that of hundreds of potential enterprise victims.

View incident → Original disclosure Indexed 1 week, 3 days ago
critical · healthcare · Jun 23, 2026

Xsolis Data Breach Affects 1.4

Threat actors gained access to personal and protected health information that Xsolis received from its clients. The post Xsolis Data Breach Affects 1.4 Million Individuals appeared first on SecurityWeek.

View incident → Original disclosure Indexed 1 week, 3 days ago