2026 Data Breaches — Year-to-Date Disclosure Tracker

2026 Data Breaches Year-to-Date (665 indexed)

critical · government · Jan 15, 2026

Conduent (Government Contracts)

4.3M individuals affected via Fortune 500 contractor — multiple state governments impacted

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · education · Jan 15, 2026

Harvard University

520K alumni and donor records exposed via compromised advancement office database

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · finance · Jan 14, 2026

Rogers Bank (Canada)

320K credit card applicant records exposed via compromised underwriting platform

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · tech · Jan 14, 2026

Amazon Web Services (Customer Data)

2.8M customer billing records and account metadata exposed via misconfigured internal tool

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · finance · Jan 14, 2026

JPMorgan Chase (Vendor)

4.7M customer records exposed via compromised third-party payment processing vendor

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · tech · Jan 13, 2026

Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · healthcare · Jan 13, 2026

Telus Health (Canada)

1.8M employee benefits records from Canadian health benefits platform compromised

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · retail · Jan 13, 2026

Costco Wholesale

1.9M customer records stolen from payment processing system via skimming malware at warehouses

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · legal · Jan 12, 2026

Kirkland & Ellis LLP

Client M&A deal documents and litigation files exposed via compromised document management system

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · government · Jan 12, 2026

New Zealand Ministry of Health

890K patient vaccination records exposed via misconfigured COVID-era data sharing portal

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · tech · Jan 12, 2026

Gogs Gogs

Gogs Path Traversal Vulnerability — Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · tech · Jan 11, 2026