Oman Ministry of Health
280K patient records exposed
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
280K patient records exposed
Microsoft Windows NULL Pointer Dereference Vulnerability — Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
The services of Florida-based payments platform BridgePay are offline due to a ransomware attack
SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack
640K Skywards member records including travel history and contact data compromised
340K defense and aerospace employee records exposed via LockBit 3.0 ransomware
2.8M customer trading records and SSNs exposed via social engineering attack on support staff
440K patient records exposed in spear-phishing attack on Massachusetts health system
1.1M taxpayer records exposed via zero-day in myGov authentication system
620K enterprise workflow configurations exposed via compromised instance admin accounts
680K shopper and customer records exposed via third-party payment processor compromise
9.4M passenger records re-exposed as 2018 breach data reappears on new dark web marketplace
3.4M patient pharmacy and insurance records exposed via compromised prescription gateway
380K student and staff records compromised in targeted phishing campaign
Payment gateway ransomware attack causes widespread merchant and municipal outages
440K customer records from FortiGate management portal exposed via zero-day authentication bypass
697K subscriber records exposed — email addresses, phone numbers, internal metadata
Substack did not specify the number of users affected by the data breach
180K client portfolio records accessed by compromised contractor with elevated privileges
663,121 records exposed — Email addresses, Phone numbers
560K medical records compromised
210K student records exposed
3.2M credit card applicant records exposed via new cloud misconfiguration — second incident
1.2M customer payment records exposed in POS breach