2026 Data Breaches — Year-to-Date Disclosure Tracker

2026 Data Breaches Year-to-Date (663 indexed)

high · finance · Feb 10, 2026

Banco de Chile

450K customer records exposed in credential harvesting

View incident → Original disclosure Indexed 2 months, 3 weeks ago

medium · other · Feb 10, 2026

“Digital Parasite” Warning as Attackers

Picus Security warns of the increasingly sophisticated ways malicious activity is staying hidden

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · tech · Feb 10, 2026

Deutsche Telekom (Germany)

3.1M customer records accessed via compromised customer service platform

View incident → Original disclosure Indexed 2 months, 3 weeks ago

medium · tech · Feb 10, 2026

Toy Battles

1,017 records exposed — Chat logs, Email addresses, IP addresses, Usernames

View incident → Original disclosure Indexed 2 months, 3 weeks ago

medium · healthcare · Feb 10, 2026

Association Nationale des Premiers Secours

5,600 records exposed — Dates of birth, Email addresses, Names, Places of birth and 1 more

View incident → Original disclosure Indexed 2 months, 3 weeks ago

medium · education · Feb 10, 2026

KU Leuven (Belgium)

190K student records exposed

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · government · Feb 10, 2026

SaskPower (Canada)

340K customer utility records exposed via compromised billing system vendor

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · finance · Feb 9, 2026

Robinhood Markets (2026)

2.8M customer trading records and SSNs exposed via social engineering attack on support staff

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · other · Feb 9, 2026

Emirates Airlines

640K Skywards member records including travel history and contact data compromised

View incident → Original disclosure Indexed 2 months, 3 weeks ago

medium · other · Feb 9, 2026

Researchers Find 40,000+ Exposed OpenClaw

SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · tech · Feb 9, 2026

BridgePay Confirms Ransomware Attack, No

The services of Florida-based payments platform BridgePay are offline due to a ransomware attack

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · government · Feb 9, 2026

Thales Group (France)

340K defense and aerospace employee records exposed via LockBit 3.0 ransomware

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · tech · Feb 8, 2026

ServiceNow ITSM Platform

620K enterprise workflow configurations exposed via compromised instance admin accounts

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · government · Feb 8, 2026

ATO Australia (Tax)

1.1M taxpayer records exposed via zero-day in myGov authentication system

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · other · Feb 8, 2026

Instacart Grocery Delivery

680K shopper and customer records exposed via third-party payment processor compromise

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · other · Feb 8, 2026

Cathay Pacific Airways

9.4M passenger records re-exposed as 2018 breach data reappears on new dark web marketplace

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · healthcare · Feb 8, 2026

Baystate Health

440K patient records exposed in spear-phishing attack on Massachusetts health system

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · education · Feb 7, 2026

University of Toronto

380K student and staff records compromised in targeted phishing campaign

View incident → Original disclosure Indexed 2 months, 4 weeks ago

critical · healthcare · Feb 7, 2026

CVS Health / Aetna

3.4M patient pharmacy and insurance records exposed via compromised prescription gateway

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · finance · Feb 6, 2026

Goldman Sachs (Contractor)

180K client portfolio records accessed by compromised contractor with elevated privileges

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · finance · Feb 6, 2026

BridgePay Network Solutions

Payment gateway ransomware attack causes widespread merchant and municipal outages

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · tech · Feb 6, 2026

Substack

697K subscriber records exposed — email addresses, phone numbers, internal metadata

View incident → Original disclosure Indexed 2 months, 4 weeks ago

medium · other · Feb 6, 2026

Substack Confirms Data Breach, "Limited

Substack did not specify the number of users affected by the data breach

View incident → Original disclosure Indexed 2 months, 4 weeks ago

high · tech · Feb 6, 2026

Fortinet (Security Vendor)

440K customer records from FortiGate management portal exposed via zero-day authentication bypass

View incident → Original disclosure Indexed 2 months, 4 weeks ago