2026 Data Breaches — Year-to-Date Disclosure Tracker

2026 Data Breaches Year-to-Date (665 indexed)

high · tech · Jan 22, 2026

Shopify (Merchant Data)

860K merchant store records including revenue data exposed via compromised support tool

View incident → Original disclosure Indexed 3 months, 1 week ago

high · tech · Jan 22, 2026

Vite Vitejs Improper Access Control Vulnerability — Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposi

View incident → Original disclosure Indexed 3 months, 1 week ago

high · tech · Jan 21, 2026

Cisco Unified Communications Manager

Cisco Unified Communications Products Code Injection Vulnerability — Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Comm

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · finance · Jan 21, 2026

HSBC (Global)

1.6M customer records from US and UK operations exposed via MOVEit successor vulnerability

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 21, 2026

Under Armour

72,742,892 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 2 more

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · healthcare · Jan 21, 2026

Ramsay Health Care (Australia)

2.3M patient records stolen from Australian private hospital operator

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · other · Jan 20, 2026

UPS (Supply Chain Data)

1.5M shipping manifests and customs records exposed via compromised logistics API

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · tech · Jan 20, 2026

Crunchbase

Business intelligence platform breached — ShinyHunters claimed responsibility

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · government · Jan 20, 2026

US Census Bureau

680K household survey response records exposed via misconfigured data sharing portal

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 20, 2026

Korea Telecom (South Korea)

8.7M customer records exposed via compromised customer portal at largest Korean telco

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · government · Jan 20, 2026

US Postal Service

2.3M package tracking records and sender data exposed via compromised Informed Delivery API

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · finance · Jan 19, 2026

Morgan Stanley (Cloud)

680K wealth management client records exposed via misconfigured cloud storage bucket

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · retail · Jan 19, 2026

Raaga

10,225,145 records exposed — Ages, Dates of birth, Email addresses, Genders and 3 more

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · other · Jan 19, 2026

Magna International (Canada)

180K employee records from automotive parts manufacturer exposed via phishing attack

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · government · Jan 18, 2026

Pass'Sport

6,366,133 records exposed — Email addresses, Genders, Names, Phone numbers and 1 more

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 18, 2026

Salesforce (Data Cloud)

3.4M CRM records from multiple tenants exposed via privilege escalation in Data Cloud module

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 18, 2026

Fujitsu (Japan)

1.2M customer records from government IT contracts exposed via compromised ProjectWEB portal

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · other · Jan 17, 2026

InterContinental Hotels (IHG)

1.3M guest reservation records including passport and payment data compromised

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · finance · Jan 16, 2026

Visa Inc. (Token Service)

1.1M tokenized card records exposed via vulnerability in token provisioning service

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 16, 2026

Optus (Australia 2026)

2.8M customer records stolen via API vulnerability in self-service portal

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 15, 2026

Zscaler Cloud Security

150K enterprise zero-trust configurations exposed — test environment breach spread to prod

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · tech · Jan 15, 2026

Match Group (Hinge / OkCupid)

10M+ dating records stolen by ShinyHunters via Okta SSO social engineering

View incident → Original disclosure Indexed 3 months, 2 weeks ago

critical · finance · Jan 15, 2026

Ally Financial (Auto Lending)

1.1M auto loan records exposed via compromised dealer management system integration

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · retail · Jan 15, 2026

Alimentation Couche-Tard (Canada)

620K Circle K loyalty customer records stolen from Canadian convenience store operator

View incident → Original disclosure Indexed 3 months, 2 weeks ago