Recent Data Breaches — Live Disclosure Tracker

Latest Disclosures

high · finance · Feb 22, 2026

PwC (Global)

380K audit client records exposed via compromised file transfer platform

View incident → Original disclosure Indexed 2 months, 1 week ago

high · finance · Feb 22, 2026

Sun Life Financial (Canada)

890K group benefits records compromised via ransomware at claims administrator

View incident → Original disclosure Indexed 2 months, 1 week ago

critical · tech · Feb 22, 2026

CarGurus

12,461,887 records exposed — Email addresses, IP addresses, Names, Phone numbers and 1 more

View incident → Original disclosure Indexed 2 months, 1 week ago

high · finance · Feb 21, 2026

Deloitte (Client Data)

240K audit client records from 12 countries exposed via compromised GlobalProtect VPN

View incident → Original disclosure Indexed 2 months, 2 weeks ago

critical · tech · Feb 20, 2026

Atlassian Confluence Cloud

4.8M wiki pages from enterprise customers exposed via critical authentication bypass

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · government · Feb 20, 2026

Province of Quebec (Revenu)

670K taxpayer records exposed via compromised e-filing integration at provincial revenue agency

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · government · Feb 20, 2026

VIQ Solutions (Canada)

Sensitive court transcripts compromised after Indian subcontractor breach — ignored warnings

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · tech · Feb 20, 2026

Roundcube Webmail

RoundCube Webmail Cross-site Scripting Vulnerability — RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.

View incident → Original disclosure Indexed 2 months, 2 weeks ago

medium · retail · Feb 20, 2026

CarMax

431,371 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · tech · Feb 20, 2026

RoundCube Webmail Deserialization of Untrusted Data Vulnerability — RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · government · Feb 19, 2026

Hydro-Quebec (Canada)

640K customer billing records exposed via compromised metering data system

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · education · Feb 19, 2026

University of Sydney (Australia)

340K student records including visa and financial information exposed in targeted attack

View incident → Original disclosure Indexed 2 months, 2 weeks ago

critical · legal · Feb 18, 2026

Hogan Lovells International LLP

510K cross-border dispute records exposed via compromised document review platform

View incident → Original disclosure Indexed 2 months, 2 weeks ago

critical · other · Feb 18, 2026

Record Number of Ransomware Victims

Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025

View incident → Original disclosure Indexed 2 months, 2 weeks ago

critical · healthcare · Feb 18, 2026

Canada Health Infoway

3.2M patient health records from interprovincial data exchange compromised

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · tech · Feb 18, 2026

GitLab GitLab

GitLab Server-Side Request Forgery (SSRF) Vulnerability — GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled.

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · tech · Feb 18, 2026

Dell RecoverPoint for Virtual Machines (RP4VMs)

Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability — Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an un

View incident → Original disclosure Indexed 2 months, 2 weeks ago

critical · finance · Feb 18, 2026

CIBC (Canada)

1.2M customer records compromised via third-party mortgage processing vendor

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · retail · Feb 18, 2026

Adidas (Third-Party Breach)

815K customer records stolen from third-party licensing partner — second breach in a year

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · finance · Feb 18, 2026

Figure

967,178 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 1 more

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · tech · Feb 17, 2026

Microsoft Windows

Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability — Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constr

View incident → Original disclosure Indexed 2 months, 2 weeks ago

medium · other · Feb 17, 2026

Low-Skilled Cybercriminals Use AI to

Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · other · Feb 17, 2026

Rolls-Royce Holdings

280K employee and defense contract records from engine division exposed in supply chain attack

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · retail · Feb 17, 2026

Canada Goose

581,877 records exposed — Device information, Email addresses, IP addresses, Names and 4 more

View incident → Original disclosure Indexed 2 months, 2 weeks ago

Recent Data Breach Disclosures

Latest Disclosures