Allen & Overy
290K client records exposed in LockBit ransomware attack
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
290K client records exposed in LockBit ransomware attack
210K enterprise supply chain records exposed
890K customer records stolen
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability — SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This co
React Native Community CLI OS Command Injection Vulnerability — React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the M
340K reinsurance policyholder records from global operations exposed in targeted attack
890K insurance records stolen in targeted attack
780K employee and operations records compromised
450K customer records exposed in targeted attack
780K advisor and client records exposed
180K streaming platform records exposed
280K restructuring records stolen
670K agricultural customer records stolen
120K client records from 47 offices worldwide exposed via compromised email gateway
1,435,174 records exposed — Dates of birth, Device information, Email addresses, Employers and 5 more
280K pharmaceutical manufacturing records exposed
81M citizen health records from Aadhaar-linked database exposed via API vulnerability
3.2M customer records exposed via SaaS vendor breach affecting loyalty program data
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized exte
Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known
2.15M customer records from connected vehicle services exposed via misconfigured cloud database
1.7M ITSM records from enterprise customers exposed via zero-day in Washington DC instance
Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services
Wiz Security claims Moltbook misconfiguration allowed full read and write access