Aura
903,080 records exposed — Customer service comments, Email addresses, IP addresses, Names and 2 more
2026 Data Breaches Year-to-Date (655 indexed)
Crypto Scam "ShieldGuard" Dismantled After
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading
City of Toronto
890K resident records from municipal services portal exposed in CL0P supply chain attack
FedEx Corporation
1.1M shipping records and customs declarations exposed via unsecured S3 bucket
McKesson Corporation
2.8M pharmacy customer records exposed via compromised drug distribution platform
Wing FTP Server Wing FTP Server
Wing FTP Server Information Disclosure Vulnerability — Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
Canada Post
950K address and package tracking records exposed via third-party logistics vendor breach
Divine Skins
105,814 records exposed — Email addresses, Purchases, Usernames
Wipro Technologies (India)
890K employee and client records exposed via compromised email system in phishing campaign
Baydöner
1,266,822 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 5 more
Stripe Inc. (Merchant Data)
1.5M merchant processing records exposed via compromised internal dashboard access
Norton Rose Fulbright (Canada)
85K client records from Canadian offices exposed via supply chain compromise
Suncorp Group (Australia)
1.4M insurance policyholder records exposed via compromised claims processing system
LabCorp (Quest Integration)
820K patient lab results exposed via misconfigured API following Quest Diagnostics merger
Toshiba (Japan)
430K employee and business partner records stolen in DarkAngels ransomware attack
Google Chromium V8
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
Google Skia
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
California State University System
2.3M student records from 23 campuses exposed via compromised PeopleSoft instance
Adobe Inc. (Creative Cloud)
1.8M Creative Cloud subscriber records exposed via compromised customer success platform
Sanofi (France)
1.2M clinical trial participant records exposed via compromised research data platform
n8n n8n
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability — n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for
France
French small and medium businesses remained the organizations most targeted by ransomware in 2025
TD Bank (Canada/US)
3.8M customer records exposed in cross-border data breach affecting Canadian and US operations