PostHole
Compose
Login
Mega Breaches in 2026
Here’s a collection of the main mega breaches (that is data breaches with more than one million records compromised and possibly leaked) during 2026. The information is derived from the cyber attacks timelines that I published, normally, on a bi-weekly basis.
- Post author:Paolo Passeri
- Post published:January 29, 2026
- Post category:Cyber Attacks Timelines / Security
- Post comments:0 Comments
- Reading time:1 min read
Views: 7,198
Last modified: February 27, 2026
[View Paolo Passeri's LinkedIn profile]
[View Paolo Passeri's Mastdon profile]
Here’s a collection of the main mega breaches (that is data breaches with more than one million records compromised and possibly leaked) during 2026. The information is derived from the cyber attacks timelines that I published, normally, on a bi-weekly basis.
The timeline will be updated as new mega breaches are discovered.
Mega Breaches 2026 **
No Data Found
Top 20 Breaches (Millions Records) **
No Data Found
Top Sectors (Number of Records) **
No Data Found
Top Sectors (Number of Breaches) **
No Data Found
Enjoy the data, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to connect on Linkedin, or even follow @paulsparrows on X (formerly Twitter), psparrows.bsky.social on Bluesky, or @ppasseri@Infosec.exchange on Mastodon for the latest updates.
**BE NOTIFIED OF NEW BLOG POSTS: SUSCRIBE!
SUPPORT MY WORK!
MAKE A DONATION
Creating the timelines is a very time-consuming task.
Any little helps!
POPULAR POSTS
With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.
In the first half of February 2026 I collected 96 events (6.4 events/day) with a threat landscape dominated by malware with 33%, (it was 38% in the second half of last month, once again ahead of ransomware (up to 20% from 14%), and account takeovers ...
In the second timeline of November 2024 I collected 117 events (7.8 events/day) with a threat landscape dominated by malware
It's time to publish the statistics related to the main cyber attacks occurred in June and derived from the two corresponding timelines (Part I and Part II). The summer is here and apparently crooks are partially taking a break, since I collected 96 events (vs ...
It's time to publish the first timeline of October, covering the main cyber attacks occurred between 1 and 15 October 2016. So the good news is that the decreasing trend is confirmed since these first two weeks have shown the lowest number of cyber attacks ...
[The Biggest Data Breaches of 2022
[Leaky Buckets: a List of Cloud Misconfigurations
Click Here](https://www.hackmageddon.com/2021/02/01/leaky-buckets-a-list-of-cloud-misconfigurations/)
[Cloud-Native Threats in 2021
| Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Initial Access | Records Raw | Records |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 04/01/2026 | Late 2025 / Early 2026 | - | Crimson Collective | Brightspeed | Crimson Collective claims to have breached US fiber provider Brightspeed, allegedly exfiltrating personal data for over one million customers. The stolen data includes names, addresses, emails, and payment details. Brightspeed is investigating the claims, though the hackers shared proof of the breach with dark web monitoring experts. | Ransomware | Information/Communication | Cyber Crime | US | Unknown | 1,00 | 1.000.000,00 | |
| 09/01/2026 | As early as August 2024 | 09/01/2026 | dk0m | Armenian Government | Armenian authorities are investigating the alleged sale of 8 million government records on a hacker forum for $2,500. The dataset reportedly includes official notifications from police and judicial bodies. While officials deny a direct email infrastructure breach, they suggest data may have originated from a civil litigation platform. | Unknown | Public Administration | Cyber Crime | AM | Unknown | 8,00 | 8.000.000,00 | |
| 09/01/2026 | 09/01/2026 | 09/01/2026 | Unknown | Betterment | Fintech firm Betterment confirms a data breach after attackers exploited a third-party marketing platform to send fraudulent "triple your crypto" scam emails. While the attackers accessed customer contact details—including names and birthdates—Betterment maintains that core systems, login credentials, and investment accounts remain secure and were not directly compromised. | Account Takeover | Fintech | Cyber Crime | US | Supply Chain Compromise | 1,44 | 1.435.174,00 | |
| 11/01/2026 | Early January 2026 | Early January 2026 | Unknown | Endesa | Spanish energy giant Endesa suffers a major data breach after a threat actor gained unauthorized access to its commercial platform. The attacker exfiltrated roughly 1.05 terabytes of sensitive data, including customer identification, contact details, DNI numbers, and payment information (IBANs), impacting millions of electricity and gas customers in Spain. | Unknown | Electricity/Gas | Cyber Crime | ES | Unknown | 20,00 | 20.000.000,00 | |
| 11/01/2026 | During 2022? | 07/01/2026 | Unknown | Meta (Instagram) denies claims of a data breach after a threat actor alleged the theft of 17.5 million user records. The company maintains its systems are secure, suggesting the "leak" is likely aggregated public data or recycled information from historical third-party breaches rather than a fresh hack of its infrastructure. According to several security researchers the breach comes from an alleged 2022 API leak. | Unknown | Information/Communication | Cyber Crime | US | Misconfiguration? | 17,02 | 17.017.213,00 | ||
| 21/01/2026 | During November 2025 | 21/01/2026 | Everest | Under Armour | Under Armour investigates claims of a data breach after a threat actor leaked a database allegedly containing millions of customer email addresses. While the company confirmed it is looking into the matter, it has not yet verified the authenticity of the leaked data or the specific source. | Ransomware | Wholesale/Retail | Cyber Crime | US | Unknown | 72,00 | 72.000.000,00 | |
| 26/01/2026 | During December 2025 | During December 2025 | ShinyHunters (a.k.a. UNC6040, SLSH, Scattered LAPSUS$ Hunters) | SoundCloud | Threat actors have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform's systems. | Unknown | Arts/Entertainment | Cyber Crime | DE | Unknown | 29,80 | 29.800.000,00 |
[...]