Retail & E-Commerce Data Breaches — Customer & Payment Compromises

Retail & E-Commerce Data Breaches (599 indexed)

high · retail · Feb 5, 2026

Zara (Inditex)

890K customer records stolen

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · retail · Feb 5, 2026

Couche-Tard (Circle K Canada)

1.2M customer payment records exposed in POS breach

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · retail · Feb 4, 2026

Home Depot (2026)

3.2M customer records exposed via SaaS vendor breach affecting loyalty program data

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · retail · Jan 31, 2026

Panera Bread

5,112,502 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Original disclosure Indexed 3 months ago

high · retail · Jan 28, 2026

Woolworths Group (Australia)

860K Everyday Rewards member records exposed via supply chain software vulnerability

View incident → Original disclosure Indexed 3 months ago

high · retail · Jan 28, 2026

Target Corporation (2026)

890K customer credit applications and RedCard data exposed via compromised credit processor

View incident → Original disclosure Indexed 3 months ago

critical · retail · Jan 19, 2026

Raaga

10,225,145 records exposed — Ages, Dates of birth, Email addresses, Genders and 3 more

View incident → Original disclosure Indexed 3 months, 1 week ago

high · retail · Jan 15, 2026

Alimentation Couche-Tard (Canada)

620K Circle K loyalty customer records stolen from Canadian convenience store operator

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · retail · Jan 13, 2026

Costco Wholesale

1.9M customer records stolen from payment processing system via skimming malware at warehouses

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · retail · Jan 10, 2026

Starbucks Corporation

950K rewards member records exposed via API vulnerability in mobile order-ahead system

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · retail · Jan 10, 2026

MEC (Mountain Equipment)

450K member records compromised

View incident → Original disclosure Indexed 3 months, 3 weeks ago

medium · retail · Jan 5, 2026

Sleep Country Canada

190K customer records compromised

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · retail · Jan 5, 2026

Falabella (Chile)

450K customer records stolen

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · retail · Dec 2, 2025

Amazon (Ring / Alexa)

2.8M smart home device user records exposed via misconfigured internal analytics pipeline

View incident → Original disclosure Indexed 5 months ago

high · retail · Dec 1, 2025

Cineplex

890K customer records stolen

View incident → Original disclosure Indexed 5 months ago

high · retail · Dec 1, 2025

Sainsbury's

670K customer records exposed via vendor breach

View incident → Original disclosure Indexed 5 months ago

high · retail · Nov 22, 2025

Staples Inc.

Customer order data and employee information compromised in November cyberattack

View incident → Original disclosure Indexed 5 months, 1 week ago

medium · retail · Nov 20, 2025

Vultr

187,872 records exposed — Email addresses, Geographic locations, IP addresses, Names

View incident → Original disclosure Indexed 5 months, 1 week ago

medium · retail · Nov 20, 2025

Eurofiber

10,003 records exposed — Email addresses, Names, Phone numbers

View incident → Original disclosure Indexed 5 months, 1 week ago

critical · retail · Nov 18, 2025

Walmart (eCommerce)

3.5M marketplace seller records exposed via compromised Walmart Connect advertising platform

View incident → Original disclosure Indexed 5 months, 2 weeks ago

high · retail · Nov 5, 2025

Best Buy (vendor incident)

560K customer records compromised through third-party

View incident → Original disclosure Indexed 5 months, 3 weeks ago

high · retail · Nov 5, 2025

Publix Super Markets

450K customer records compromised

View incident → Original disclosure Indexed 5 months, 3 weeks ago

high · retail · Nov 1, 2025

Legends International

Fan payment and personal data — NFL, MLB, NHL, NBA venues

View incident → Indexed 6 months ago

critical · retail · Nov 1, 2025

H&M Group

1.2M customer records compromised

View incident → Original disclosure Indexed 6 months ago