Mega Breaches in 2026

Here’s a collection of the main mega breaches (that is, data breaches with more than one million records compromised and possibly leaked) during 2026. The information is derived from the cyber attacks timelines that I publish, normally, on a bi-weekly basis.

---

- Post author: Paolo Passeri

- Post published: January 29, 2026

- Post category: Cyber Attacks Timelines / Security

Last modified: February 27, 2026

The timeline will be updated as new mega breaches are discovered.

[Charts: Mega Breaches 2026; Top 20 Breaches (Millions Records); Top Sectors (Number of Records); Top Sectors (Number of Breaches)]

Enjoy the data, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to connect on Linkedin, or even follow @paulsparrows on X (formerly Twitter), psparrows.bsky.social on Bluesky, or @ppasseri@Infosec.exchange on Mastodon for the latest updates.

| Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Initial Access | Records Raw | Records |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 04/01/2026 | Late 2025 / Early 2026 | - | Crimson Collective | Brightspeed | Crimson Collective claims to have breached US fiber provider Brightspeed, allegedly exfiltrating personal data for over one million customers. The stolen data includes names, addresses, emails, and payment details. Brightspeed is investigating the claims, though the hackers shared proof of the breach with dark web monitoring experts. | Ransomware | Information/Communication | Cyber Crime | US | | Unknown | 1,00 | 1.000.000,00 |
| 09/01/2026 | As early as August 2024 | 09/01/2026 | dk0m | Armenian Government | Armenian authorities are investigating the alleged sale of 8 million government records on a hacker forum for $2,500. The dataset reportedly includes official notifications from police and judicial bodies. While officials deny a direct email infrastructure breach, they suggest data may have originated from a civil litigation platform. | Unknown | Public Administration | Cyber Crime | AM | | Unknown | 8,00 | 8.000.000,00 |
| 09/01/2026 | 09/01/2026 | 09/01/2026 | Unknown | Betterment | Fintech firm Betterment confirms a data breach after attackers exploited a third-party marketing platform to send fraudulent "triple your crypto" scam emails. While the attackers accessed customer contact details—including names and birthdates—Betterment maintains that core systems, login credentials, and investment accounts remain secure and were not directly compromised. | Account Takeover | Fintech | Cyber Crime | US | | Supply Chain Compromise | 1,44 | 1.435.174,00 |
| 11/01/2026 | Early January 2026 | Early January 2026 | Unknown | Endesa | Spanish energy giant Endesa suffers a major data breach after a threat actor gained unauthorized access to its commercial platform. The attacker exfiltrated roughly 1.05 terabytes of sensitive data, including customer identification, contact details, DNI numbers, and payment information (IBANs), impacting millions of electricity and gas customers in Spain. | Unknown | Electricity/Gas | Cyber Crime | ES | | Unknown | 20,00 | 20.000.000,00 |
| 11/01/2026 | During 2022? | 07/01/2026 | Unknown | Instagram | Meta (Instagram) denies claims of a data breach after a threat actor alleged the theft of 17.5 million user records. The company maintains its systems are secure, suggesting the "leak" is likely aggregated public data or recycled information from historical third-party breaches rather than a fresh hack of its infrastructure. According to several security researchers the breach comes from an alleged 2022 API leak. | Unknown | Information/Communication | Cyber Crime | US | | Misconfiguration? | 17,02 | 17.017.213,00 |
| 21/01/2026 | During November 2025 | 21/01/2026 | Everest | Under Armour | Under Armour investigates claims of a data breach after a threat actor leaked a database allegedly containing millions of customer email addresses. While the company confirmed it is looking into the matter, it has not yet verified the authenticity of the leaked data or the specific source. | Ransomware | Wholesale/Retail | Cyber Crime | US | | Unknown | 72,00 | 72.000.000,00 |
| 26/01/2026 | During December 2025 | During December 2025 | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | SoundCloud | Threat actors have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform's systems. | Unknown | Arts/Entertainment | Cyber Crime | DE | | Unknown | 29,80 | 29.800.000,00 |
| 26/01/2026 | During January 2026 | 23/01/2026 | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | Crunchbase | Crunchbase confirmed a January 2026 data breach after the ShinyHunters hacking group leaked 400MB of stolen data, including over two million records. Part of a campaign targeting multiple tech firms via vishing, the incident involved exfiltrating sensitive corporate documents and PII without disrupting business operations. | Account Takeover | Information/Communication | Cyber Crime | US | | Social Engineering | 2,00 | 2.000.000,00 |
| 27/01/2026 | During January 2026 | 27/01/2026 | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | Panera Bread | ShinyHunters leaks a database containing approximately 5.1 million Panera Bread records, including customer and employee personal information. This 2026 breach, reportedly stemming from a failed ransom negotiation, exposed names, emails, and phone numbers. | Ransomware | Accommodation/Food | Cyber Crime | US | | Unknown | 5,10 | 5.100.000,00 |
| 29/01/2026 | During January 2026 | During January 2026 | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | Match Group | Match Group confirms a data breach affecting Tinder, Hinge, OkCupid, and Match.com users. Attackers accessed a customer support database containing account information, email addresses, and partial payment details. While passwords and full credit card numbers remained secure, the company is notifying millions of users about potential phishing risks. | Unknown | Information/Communication | Cyber Crime | US | | Compromised Credentials | 10,00 | 10.000.000,00 |
| 04/02/2026 | End of October 2025 | 31/10/2025 | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | University of Pennsylvania | The ShinyHunters threat actor claims responsibility for last year’s data breaches at the University of Pennsylvania (UPenn) and publishes what it claims are more than 1 million records from the university on the group’s dedicated leak site, which the gang uses to extort its victims. | Ransomware | Education | Cyber Crime | US | | Social Engineering | 1,00 | 1.000.000,00 |
| 04/02/2026 | 18/11/2025 | 22/11/2025 | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | Harvard University | The ShinyHunters threat actor claims responsibility for last year’s data breaches at Harvard University and publishes what it claims are more than 1 million records from the university on the group’s dedicated leak site, which the gang uses to extort its victims. | Ransomware | Education | Cyber Crime | US | | Social Engineering | 1,00 | 1.000.000,00 |
| 05/02/2026 | 18/01/2025 | 18/01/2025 | SafePay | Conduent | The January 2025 data breach at government technology giant Conduent appears to affect 15.4 million individuals, far more people than first disclosed. | Ransomware | Administration/Support | Cyber Crime | US | | Unknown | 15,40 | 15.400.000,00 |
| 12/02/2026 | Late January 2025, Early February 2026 | 07/02/2026 | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | Odido | Dutch telecommunications provider Odido suffers a massive data breach exposing personal information of 6.2 million customers. A threat actor exfiltrated names, addresses, and IBANs. The company has notified authorities and affected users, implementing additional security measures to prevent future unauthorized access. | Unknown | Information/Communication | Cyber Crime | NL | | Unknown | 6,20 | 6.200.000,00 |
| 13/02/2026 | Unspecified | Unspecified | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | Figure Technology Solutions | Blockchain-based lending firm Figure Technology Solutions confirms a data breach after an employee fell victim to a social engineering attack. According to a company spokesperson, the incident allowed hackers to access and steal a limited number of files. The company disclosed the breach following inquiries and is assessing the impact. | Ransomware | Fintech | Cyber Crime | US | | Social Engineering | 1,00 | 1.000.000,00 |
| 18/02/2026 | End of January 2026 | End of January 2026 | Unknown | French Ministry of Economy | The French Ministry of Economy says that a threat actor gained access to a national bank account database and consulted information on 1.2 million accounts. | Account Takeover | Public Administration | Cyber Crime | FR | | Compromised Credentials | 1,20 | 1.200.000,00 |
| 21/02/2026 | During February 2026 | 21/02/2026 | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | CarGurus | The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. | Account Takeover | Wholesale/Retail | Cyber Crime | US | | Unknown | 12,50 | 12.500.000,00 |
| 26/02/2026 | During January 2026 | During February 2026 | 'Indra' | ManoMano | DIY store chain ManoMano notifies customers of a data breach that was caused by threat actors compromising a third-party service provider and impacting 37.8 million user accounts. | Unknown | Wholesale/Retail | Cyber Crime | FR | | Supply Chain Compromise | 37,80 | 37.800.000,00 |

Tags: 2026, Cyber Attacks, Mega Breaches

---

[Original source](https://www.hackmageddon.com/2026/01/29/mega-breaches-in-2026/)
