Live tracker · Updated Jul 2, 2026

The Worst Breaches of 2026 (So Far)

The year's largest confirmed data breaches, ranked by records exposed. This list updates itself automatically as new disclosures go public.

Ranked by records exposed

2
medium · finance · Apr 2026

EngageLab SDK

50Mrecords exposed

A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass

3
critical · other · Apr 2026

McGraw Hill

45Mrecords exposed

The data breach emerged this weekend when the ShinyHunters cybercriminal organization claimed to have stolen 45 million Salesforce records and threatened to leak the information by April 14 if a ransom was not paid.

4
critical · other · May 2026

Charter Communications

42Mrecords exposed

The notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April. The post Charter Communications Data Breach Could Impact Nearly 5 Million appeared first on SecurityWeek.

8
critical · other · Jun 2026

A KDDI

14.2Mrecords exposed

James Whitmore reports: Data breach at Japanese telecoms operator KDDI may have exposed up to 14.22 million email addresses and passwords linked to ISP mail services, after attackers gained unauthorised access to a syste

10
critical · finance · Jun 2026

Power company in Japan fears

11Mrecords exposed

Buranond Kijwatanachai reports: Private personal information of nearly 11 million people may have been leaked after a Kyushu power company lost a storage drive earlier this year. According to Asahi Shimbun, the storage d

14
critical · other · Apr 2026

Medtronic

9Mrecords exposed

The ShinyHunters cybercrime group claimed to have stolen 9 million records containing personal information from Medtronic. The post Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak appeared first on Securi

23
critical · other · Apr 2026

ADT

5.5Mrecords exposed

The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I B

View every 2026 breach we've indexed →

Is your organization exposed?

Most of the incidents above began with credentials and infrastructure that were exposed long before the breach. Run a free exposure assessment to see what an attacker can already find on your organization.

Check your exposure free →