Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1177
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

2026 Data Breaches Year-to-Date (1177 indexed)

medium · legal · Jun 18, 2026

We Didn’t Have a Data

Esteban Morin, the Head of Legal at VRChat described a recent situation: Last week my company, VRChat, was the subject of multiple articles and social media outrage stemming from a data breach notice that was posted on t

View incident → Original disclosure Indexed 2 weeks, 1 day ago
high · tech · Jun 18, 2026

Splunk Enterprise

Splunk Enterprise Missing Authentication for Critical Function Vulnerability — Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create o

View incident → Original disclosure Indexed 2 weeks, 1 day ago
high · retail · Jun 18, 2026

FortiBleed campaign

A massive credential-compromise campaign dubbed “Fortibleed” has been found to expose tens of thousands of Fortinet devices worldwide, with researchers warning of persistent attacker access to affected enterprise environ

View incident → Original disclosure Indexed 2 weeks, 1 day ago
medium · other · Jun 18, 2026

ShapedPlugin update flow

Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system. [...]

View incident → Original disclosure Indexed 2 weeks, 1 day ago
medium · other · Jun 17, 2026

The Top 10 Attack Surface

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let at

View incident → Original disclosure Indexed 2 weeks, 2 days ago
critical · healthcare · Jun 17, 2026

IE: HSE fined €300,000 after

Louise Hickey reports: The HSE has been fined €300,000 by the Data Protection Commission (DPC) over a breach of patient’s personal data in 2018 at the Midland Regional Hospital, Tullamore. The Data Protection Commission

View incident → Original disclosure Indexed 2 weeks, 2 days ago
critical · finance · Jun 17, 2026

What 22,000 breaches teach us

The 2026 Verizon Data Breach Investigations Report analyzed more than 22,000 confirmed data breaches across 145 countries. Its findings point to a single uncomfortable truth: organizations cannot patch fast enough to pre

View incident → Original disclosure Indexed 2 weeks, 2 days ago
medium · other · Jun 17, 2026

Kodak

Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. [...]

View incident → Original disclosure Indexed 2 weeks, 2 days ago
critical · other · Jun 16, 2026

One threat actor demanded $50

Yesterday, DataBreaches reported that FulcrumSec had hacked Danish pharmaceutical giant Novo Nordisk. FulcrumSec followed up on that reporting by releasing their own very detailed report on their dark web leak site about

View incident → Original disclosure Indexed 2 weeks, 3 days ago
medium · tech · Jun 15, 2026

Governing the ghost workforce

Every enterprise security team is fighting a workforce problem they cannot see on any org chart. Bots, service accounts, API keys, OAuth tokens, machine certificates — non-human identities now outnumber human ones in

View incident → Original disclosure Indexed 2 weeks, 4 days ago