Live disclosure tracker · updated continuously

Recent Data Breach Disclosures

Every confirmed data breach we've indexed across 5484+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.

98B+
Records Exposed
5484
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

Latest Disclosures

critical · healthcare · Jun 23, 2026

Xsolis Data Breach Affects 1.4

Threat actors gained access to personal and protected health information that Xsolis received from its clients. The post Xsolis Data Breach Affects 1.4 Million Individuals appeared first on SecurityWeek.

View incident → Original disclosure Indexed 1 week, 3 days ago
critical · other · Jun 22, 2026

Texas Parks & Wildlife Data

Hackers stole personal information after breaching the systems of a third-party license vendor serving TPWD. The post Texas Parks & Wildlife Data Breach Affects 3 Million Individuals appeared first on SecurityWeek.

View incident → Original disclosure Indexed 1 week, 4 days ago
medium · finance · Jun 22, 2026

Klue breach

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed data across multiple customer environments prompting the compan

View incident → Original disclosure Indexed 1 week, 4 days ago
critical · other · Jun 22, 2026

Texas Parks & Wildlife (TPWD)

Texas Parks and Wildlife Department (TPWD) breach exposed data of 3M people via a third-party license vendor, including sensitive personal information. The Texas Parks and Wildlife Department (TPWD) disclosed a data brea

View incident → Original disclosure Indexed 1 week, 4 days ago
critical · finance · Jun 22, 2026

JaredFromSubway MEV bot

The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. [...]

View incident → Original disclosure Indexed 1 week, 4 days ago
medium · government · Jun 21, 2026

Brazil’s Civil Defense suffers a

This is the kind of cyberattack that can put lives at risk and makes me want to wring some necks if I wasn’t so old and feeble. Demócrata reports: Brazil’s Civil Defense has reported this Saturday that its of

View incident → Original disclosure Indexed 1 week, 5 days ago
medium · tech · Jun 21, 2026

Klue OAuth breach victim list

Lawrence Abrams reports: Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, a

View incident → Original disclosure Indexed 1 week, 5 days ago
medium · government · Jun 20, 2026

CISA Warns of Active Exploitation

FortiBleed exposed credentials for 74,000 Fortinet devices, with attackers actively exploiting the leak to target systems worldwide. On June 18, CISA issued an emergency alert after reports surfaced that credentials for

View incident → Original disclosure Indexed 1 week, 6 days ago
critical · other · Jun 20, 2026

Inside GentleKiller

The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ESET published a detailed breakdown of The Gentlemen‘s te

View incident → Original disclosure Indexed 1 week, 6 days ago
critical · other · Jun 20, 2026

Inside GentleKiller

The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ESET published a detailed breakdown of The Gentlemen‘s te

View incident → Original disclosure Indexed 1 week, 6 days ago
medium · retail · Jun 19, 2026

M365 Copilot SearchLeak

A recent proof-of-concept attack against Microsoft’s M365 Copilot Enterprise highlights what could be a much broader prompt injection threat based on a common way many AI-enhanced web services operate. Dubbed SearchLe

medium · tech · Jun 19, 2026

Microsoft

Microsoft is warning of a novel remote code execution (RCE) path possible through web-enabled AI agents, demonstrating the technique against AutoGen Studio, its open-source interface for building and testing multi-agent