Recent Data Breaches — Live Disclosure Tracker

Latest Disclosures

high · tech · Jan 7, 2026

Microsoft Office

Microsoft Office PowerPoint Code Injection Vulnerability — Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineT

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · tech · Jan 7, 2026

Hewlett Packard Enterprise (HPE) OneView

Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability — Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code ex

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · other · Jan 6, 2026

Bombardier Aerospace

Engineering documents and employee data stolen via Accellion FTA exploit — posted on CL0P leak site

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · education · Jan 6, 2026

WhiteDate

20,363 records exposed — Ages, Astrological signs, Bios, Device information and 18 more

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · finance · Jan 5, 2026

Mapfre Insurance

450K policyholder records compromised

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · tech · Jan 5, 2026

Bandai Namco (Japan)

340K gaming records exposed in ransomware

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · finance · Jan 5, 2026

Banca Transilvania (Romania)

340K customer records stolen

View incident → Original disclosure Indexed 3 months, 4 weeks ago

critical · healthcare · Jan 5, 2026

NHS England (GP Surgeries)

2.6M patient records from 150+ GP surgeries exposed via shared IT platform compromise

View incident → Original disclosure Indexed 3 months, 4 weeks ago

medium · education · Jan 5, 2026

Rice University

180K student records stolen

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · healthcare · Jan 5, 2026

Takeda Pharmaceutical (Japan)

670K clinical records compromised

View incident → Original disclosure Indexed 3 months, 4 weeks ago

medium · retail · Jan 5, 2026

Sleep Country Canada

190K customer records compromised

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · finance · Jan 5, 2026

Bank Leumi (Israel)

560K customer records exposed in credential harvesting

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · government · Jan 5, 2026

Minnesota State Government

Excessive internal access resulted in unauthorized personal data exposure

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · retail · Jan 5, 2026

Falabella (Chile)

450K customer records stolen

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · education · Jan 5, 2026

Chicago Public Schools (2026)

670K student records stolen in ransomware attack

View incident → Original disclosure Indexed 3 months, 4 weeks ago

critical · government · Jan 5, 2026

Illinois State Government

System failure exposed personal data of residents publicly for four years

View incident → Original disclosure Indexed 3 months, 4 weeks ago

medium · other · Jan 5, 2026

ATCO Ltd (Alberta)

210K utility customer records compromised

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · other · Jan 5, 2026

ESB Networks (Ireland)

280K utility records compromised

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · healthcare · Jan 5, 2026

Copenhagen University Hospital

280K patient records stolen

View incident → Original disclosure Indexed 3 months, 4 weeks ago

critical · education · Jan 1, 2026

PowerSchool

62M student and teacher records exposed

View incident → Indexed 4 months ago

high · government · Jan 1, 2026

Conduent

Fortune 500 operational data — multiple state governments affected

View incident → Indexed 4 months ago

high · tech · Dec 29, 2025

MongoDB MongoDB and MongoDB Server

MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability — MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol head

View incident → Original disclosure Indexed 4 months ago

high · tech · Dec 27, 2025

WIRED

2,364,431 records exposed — Dates of birth, Display names, Email addresses, Genders and 4 more

View incident → Original disclosure Indexed 4 months ago

high · government · Dec 26, 2025

Utair

401,400 records exposed — Dates of birth, Email addresses, Genders, Loyalty program details and 4 more

View incident → Original disclosure Indexed 4 months, 1 week ago

Recent Data Breach Disclosures

Latest Disclosures