Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
997
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 2026 Index

2026 Data Breaches Year-to-Date (997 indexed)

medium · tech · May 19, 2026

CTT

468,124 records exposed — Email addresses, Names, Phone numbers

View incident → Indexed 1 month, 4 weeks ago
critical · finance · May 18, 2026

Addi

34,532,941 records exposed — Age groups, Credit scores, Device information, Email addresses and 9 more

View incident → Indexed 1 month, 4 weeks ago
high · tech · May 15, 2026

Microsoft Microsoft

Microsoft Exchange Server Cross-Site Scripting Vulnerability — Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditi

high · tech · May 14, 2026

Cisco Catalyst SD-WAN

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass a

high · finance · May 14, 2026

Abrigo

711,099 records exposed — Email addresses, Employers, Job titles, Names and 2 more

View incident → Indexed 2 months ago
medium · government · May 12, 2026

Cushman & Wakefield

310,431 records exposed — Email addresses, Job titles, Names, Phone numbers and 2 more

View incident → Indexed 2 months ago
medium · finance · May 8, 2026

Zara

197,376 records exposed — Email addresses, Geographic locations, Purchases, Support tickets

View incident → Indexed 2 months, 1 week ago
high · tech · May 8, 2026

BerriAI LiteLLM

BerriAI LiteLLM SQL Injection Vulnerability — BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized acces

View incident → Original disclosure Indexed 2 months, 1 week ago
medium · tech · May 7, 2026

Woflow

447,593 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Indexed 2 months, 1 week ago
high · tech · May 6, 2026

Palo Alto Networks PAN-OS

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability — Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an un

View incident → Original disclosure Indexed 2 months, 1 week ago
medium · other · May 5, 2026

ISACA report

ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use

View incident → Original disclosure Indexed 2 months, 1 week ago
high · finance · May 2, 2026

ZenBusiness

5,118,184 records exposed — Email addresses, Names, Phone numbers

View incident → Indexed 2 months, 2 weeks ago