Live disclosure tracker · updated continuously

Finance & Banking Data Breaches

Banks, payment processors, fintechs, and crypto exchanges sit at the top of every threat actor target list. Below is every finance-sector breach LeakTrace has indexed.

98B+
Records Exposed
712
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

Finance & Banking Data Breaches (712 indexed)

medium · finance · Jun 30, 2026

Insurance giant Aflac

Sergiu Gatlan reports: American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary’s systems and stole personal and bank account information. Aflac (short for Americ

medium · finance · Jun 29, 2026

NAIC

The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero

critical · finance · Jun 26, 2026

Russian Hackers Behind the $2.5

Rex Edison reports A single cyberattack dented an entire country’s GDP. The Cyber Monitoring Centre estimates that the ransomware assault on Jaguar Land Rover cost the UK economy £1.9 billion — roughly $2.5 billion

medium · finance · Jun 25, 2026

Rethinking the balance between AI

The new CIO mandate is clear: facilitate AI adoption across the enterprise at speed. According to CIO.com’s State of the CIO survey, CEOs’ top priority for their IT executives is to capitalize on AI. From researching

View incident → Original disclosure Indexed 1 week, 1 day ago
high · finance · Jun 23, 2026

Change your cyber risk strategy

CSOs must re-write their cyber risk strategies because threat actors are increasing using AI to evade defenses, says a group of national cybersecurity agencies – a call that one expert immediately complained is too vague

View incident → Original disclosure Indexed 1 week, 3 days ago
medium · finance · Jun 22, 2026

Klue breach

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed data across multiple customer environments prompting the compan

View incident → Original disclosure Indexed 1 week, 4 days ago
critical · finance · Jun 22, 2026

JaredFromSubway MEV bot

The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. [...]

View incident → Original disclosure Indexed 1 week, 4 days ago
critical · finance · Jun 17, 2026

What 22,000 breaches teach us

The 2026 Verizon Data Breach Investigations Report analyzed more than 22,000 confirmed data breaches across 145 countries. Its findings point to a single uncomfortable truth: organizations cannot patch fast enough to pre

View incident → Original disclosure Indexed 2 weeks, 2 days ago
critical · finance · Jun 13, 2026

South Korea Hands Coupang a

DataBreaches has been impressed by South Korea’s response to data breaches ever since reading about how its financial regulator responded to three credit card companies whose customers suffered a major data leak. U

View incident → Original disclosure Indexed 2 weeks, 6 days ago
critical · finance · Jun 10, 2026

AI red teaming comes of

When Ram Shankar Siva Kumar launched Microsoft’s AI red team in 2019, the discipline barely existed. “The running joke used to be that people who used to work in AI red teaming, you can round them up in a 14-foot cata

View incident → Original disclosure Indexed 3 weeks, 2 days ago
critical · finance · Jun 10, 2026

Power company in Japan fears

Buranond Kijwatanachai reports: Private personal information of nearly 11 million people may have been leaked after a Kyushu power company lost a storage drive earlier this year. According to Asahi Shimbun, the storage d

View incident → Original disclosure Indexed 3 weeks, 2 days ago
high · finance · Jun 8, 2026

UNC3753 Escalates

UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Threat Intelligence Group p

View incident → Original disclosure Indexed 3 weeks, 4 days ago