Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+
Records Exposed
1048
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 2026 Index

2026 Data Breaches Year-to-Date (1048 indexed)

medium · government · Mar 31, 2026

Cuties AI

144,250 records exposed — Avatars, Display names, Email addresses

View incident → Indexed 3 months, 2 weeks ago
high · tech · Mar 30, 2026

Citrix NetScaler

Citrix NetScaler Out-of-Bounds Read Vulnerability — Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability wh

View incident → Original disclosure Indexed 3 months, 2 weeks ago
high · tech · Mar 27, 2026

F5 BIG-IP

F5 BIG-IP Stack-Based Buffer Overflow Vulnerability — F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.

View incident → Original disclosure Indexed 3 months, 2 weeks ago
high · tech · Mar 26, 2026

Scuf Gaming

128,683 records exposed — Display names, Email addresses, IP addresses, Passwords and 1 more

View incident → Indexed 3 months, 3 weeks ago
high · tech · Mar 26, 2026

Aquasecurity Trivy

Aquasecurity Trivy Embedded Malicious Code Vulnerability — Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, includin

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · tech · Mar 25, 2026

Langflow Langflow

Langflow Code Injection Vulnerability — Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · tech · Mar 23, 2026

RuneScape Boards

222,762 records exposed — Email addresses, IP addresses, Passwords, Usernames

View incident → Indexed 3 months, 3 weeks ago
high · tech · Mar 20, 2026

Apple Multiple Products

Apple Multiple Products Classic Buffer Overflow Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause une

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · tech · Mar 20, 2026

Apple Multiple Products

Apple Multiple Products Buffer Overflow Vulnerability — Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web con

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · tech · Mar 20, 2026

Laravel Livewire

Laravel Livewire Code Injection Vulnerability — Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · tech · Mar 20, 2026

Apple Multiple Products

Apple Multiple Products Improper Locking Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected change

View incident → Original disclosure Indexed 3 months, 3 weeks ago
high · finance · Mar 18, 2026

Aura

903,080 records exposed — Customer service records, Email addresses, IP addresses, Names and 2 more

View incident → Original disclosure Indexed 3 months, 4 weeks ago
high · tech · Mar 18, 2026

Microsoft SharePoint

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.

View incident → Original disclosure Indexed 3 months, 4 weeks ago
high · tech · Mar 13, 2026

Google Chromium V8

Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil

high · tech · Mar 13, 2026

Google Skia

Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil