University of Mississippi Medical Center
University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday
2026 Data Breaches Year-to-Date (661 indexed)
PwC (Global)
380K audit client records exposed via compromised file transfer platform
CarGurus
12,461,887 records exposed — Email addresses, IP addresses, Names, Phone numbers and 1 more
Sun Life Financial (Canada)
890K group benefits records compromised via ransomware at claims administrator
Deloitte (Client Data)
240K audit client records from 12 countries exposed via compromised GlobalProtect VPN
Roundcube Webmail
RoundCube Webmail Cross-site Scripting Vulnerability — RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.
Roundcube Webmail
RoundCube Webmail Deserialization of Untrusted Data Vulnerability — RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from
Province of Quebec (Revenu)
670K taxpayer records exposed via compromised e-filing integration at provincial revenue agency
VIQ Solutions (Canada)
Sensitive court transcripts compromised after Indian subcontractor breach — ignored warnings
CarMax
431,371 records exposed — Email addresses, Names, Phone numbers, Physical addresses
Atlassian Confluence Cloud
4.8M wiki pages from enterprise customers exposed via critical authentication bypass
University of Sydney (Australia)
340K student records including visa and financial information exposed in targeted attack
Hydro-Quebec (Canada)
640K customer billing records exposed via compromised metering data system
GitLab GitLab
GitLab Server-Side Request Forgery (SSRF) Vulnerability — GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled.
Adidas (Third-Party Breach)
815K customer records stolen from third-party licensing partner — second breach in a year
CIBC (Canada)
1.2M customer records compromised via third-party mortgage processing vendor
Canada Health Infoway
3.2M patient health records from interprovincial data exchange compromised
Hogan Lovells International LLP
510K cross-border dispute records exposed via compromised document review platform
Figure
967,178 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 1 more
Record Number of Ransomware Victims
Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025
Dell RecoverPoint for Virtual Machines (RP4VMs)
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability — Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an un
NEC Corporation (Japan)
540K defense contractor employee records and project data accessed over multi-year intrusion
Rolls-Royce Holdings
280K employee and defense contract records from engine division exposed in supply chain attack
Low-Skilled Cybercriminals Use AI to
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics