Live disclosure tracker · updated continuously

Retail & E-Commerce Data Breaches

E-commerce platforms, point-of-sale systems, loyalty programs, and customer databases remain frequent targets for credential theft and card-skimming campaigns. Below is every retail-sector breach LeakTrace has indexed.

98B+
Records Exposed
647
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

Retail & E-Commerce Data Breaches (647 indexed)

medium · retail · Jun 19, 2026

M365 Copilot SearchLeak

A recent proof-of-concept attack against Microsoft’s M365 Copilot Enterprise highlights what could be a much broader prompt injection threat based on a common way many AI-enhanced web services operate. Dubbed SearchLe

high · retail · Jun 18, 2026

FortiBleed campaign

A massive credential-compromise campaign dubbed “Fortibleed” has been found to expose tens of thousands of Fortinet devices worldwide, with researchers warning of persistent attacker access to affected enterprise environ

View incident → Original disclosure Indexed 2 weeks, 1 day ago
medium · retail · Jun 14, 2026

UK: Hotel guests issued urgent

Elaine Blackburne reports: Hotel guests have been warned to stay alert for convincing fraudulent messages following a data breach at a major hotel chain. Personal information belonging to individuals with reservations at

View incident → Original disclosure Indexed 2 weeks, 5 days ago
critical · retail · Jun 11, 2026

Coupang

​​The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affec

View incident → Original disclosure Indexed 3 weeks, 1 day ago
medium · retail · May 29, 2026

Lack of response to critical

A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues

critical · retail · May 18, 2026

Public Amazon bucket

A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea’s Tabiq hotel check-in system exposed over 1 million pas

View incident → Original disclosure Indexed 1 month, 2 weeks ago
medium · retail · May 12, 2026

Škoda warns of customer data

Škoda Auto, a wholly owned subsidiary of the Volkswagen Group, has disclosed a data breach after attackers hacked its online shop and stole the personal information of an undisclosed number of customers. [...]

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · retail · May 8, 2026

Zara Data Breach

Nearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromis

View incident → Original disclosure Indexed 1 month, 3 weeks ago