2026 Data Breaches: Cybersecurity Incidents Explained

Data breaches are part of the modern digital world. Why they happen varies, but there’s almost always a negative consequence for companies and their customers. Each month, we’ll reveal the latest 2026 data breaches, along with the scope and key lessons for security professionals to consider to prevent or limit exposure should one occur.
Data Breaches from January 2026
We’re kicking off 2026 data breaches with a review of January. The incidents in January cover multiple industries. What’s unique about this batch is that the exposed data belonged to both consumers and corporations. Explore the cases in January and the key insights into preventing these in your organization.
Illinois and Minnesota Department of Human Services
Both Illinois and Minnesota experienced a system failure that exposed the personal data of nearly one million people. In the Illinois incident, sensitive information was on display publicly and was visible for four years.
The Minnesota breach was the result of excessive internal access, leading to improper disclosure.
- Scale of breach: Around one million individuals
- Data exposed: Names, addresses, case numbers, case status, and referral information (Illinois); names, addresses, email addresses, dates of birth, phone numbers, Medicaid ID, the first four digits of Social Security numbers, and other protected information (Minnesota).
- Breach cause: In Illinois, an error caused patient data to be publicly viewable. In Minnesota, the cause was unauthorized internal access to data outside the scope of work assignments.
- Data breach notifications: Report from HIPAA Journal (Illinois)
Key Lessons
It's imperative for every organization to have complete visibility of where sensitive data resides. Automated discovery ensures the consistent application of protection. For four years, the data of Illinois residents was available online. Having an always-up-to-date inventory of this data can prevent such misconfigurations.
Identity access control (IAC) plays a key role in thwarting unauthorized access, but relying on it as the last line of defense has shortcomings. Managing specific access can be cumbersome, but some platforms can streamline this. Also, protecting data through encryption, masking, or redaction means that exfiltrated data is mostly useless.
Ledger and Global-e
Ledger, a crypto wallet platform, confirmed a customer data breach related to its e-commerce payment partner, Global-e. While there were no crypto assets stolen, hackers later used this information in phishing campaigns.
- Scale of breach: Unknown
- Data exposed: Names, addresses, email addresses, phone numbers, and order details.
- Breach cause: The company identified unusual activity in its cloud systems and moved to secure it. They did not disclose the root cause.
- Data breach notification: Global-e Statement
Key Lessons
Companies should adopt persistent encryption and protection across all environments. With such a proactive strategy in place, organizations can protect data across the enterprise. When security is data-centric, it reduces the effect of breaches.
Cloud-Sharing Sites
The threat actor Zestix has been selling corporate data stolen from multiple companies. They are acting as an initial access broker (IAB) on the dark web. The hack occurred due to stolen credentials. ShareFile, Nextcloud, and OwnCloud were all victims of the attack. Impacted organizations span many sectors, including aviation, defense, healthcare, utilities, mass transit, telecom, legal, real estate, and government.
- Scale of breach: Unknown
- Data exposed: Highly sensitive corporate data, including health records and government contracts.
- Breach cause: Stolen credentials and lack of multi-factor authentication
- Breach investigation: Infostealers published a detailed analysis of the hacks.
Key Lessons
Cloud exposure has been a risk component for many years. Unfortunately, there are systemic issues regarding the use of best practices. MFA has become mandatory in many regulations. Will this alone be enough to reduce unauthorized access? No, but enterprise-wide data encryption, redaction, and masking limit the fallout of such an attack.
Nike
On January 24, Nike launched an investigation into a possible cyber attack. This action came after WorldLeaks claimed it had stolen and posted 1.4 terabytes of internal company data.
- Scale of breach: 1.4 terabytes of company data
- Data exposed: Product development intellectual property and supply chain logistics
- Breach cause: Not defined, but threat intelligence firms have suggested a connection to supply chain infrastructure.
- Breach report: The National CIO Review provided an extensive review of the attack and leak.
Lessons Learned
This data breach involves corporate data rather than customer data. Investigators did not find personal identifiers. However, the leak of IP and other trade secrets could have been of value to competitors.
Organizations should enforce security controls and cybersecurity best practices with supply chain vendors. Additionally, security embedded into data follows it wherever it goes.
Crunchbase
Crunchbase confirmed a data breach in January after a hack. ShinyHunters, a cybercrime group, claimed responsibility. The company revealed there was file exfiltration but said there were no operational disruptions. The incident is still under investigation, and they have yet to send any notifications to customers.
- Scale of breach: Two million records
- Data exposed: PII and corporate data (e.g., contracts and internal documents)
- Breach cause: Social engineering campaign using voice phishing techniques
- Breach report: SecurityWeek was the first to report the story and received confirmation from Crunchbase.
Lessons Learned
Social engineering, especially deepfakes, is more sophisticated than ever before. It is emerging as a key way for hackers to compromise credentials. While you can't eliminate all breach risk, you can take proactive steps to minimize the impact. Examples include:
- Identifying older files and enforcing data retention policies
- Using encryption mechanisms that stay with data
- Applying data discovery and classification solutions to build an inventory of sensitive information
Match Group
The family of Match dating apps finishes out the list of the major 2026 data breaches in January. ShinyHunters was also the threat actor in this case. The group claimed to have millions of documents, while Match called it a "security incident" that is still under investigation.
- Scale of breach: 10 million records
- Data exposed: User and corporate data
- Breach cause: ShinyHunters' dark web leak site cited AppsFlyer as the entry point. AppsFlyer is a marketing analytics company for apps.
- Breach report: The Register published a review of the breach and exposures.
Lessons Learned
It appears this is another third-party system failure. Data sharing for analytics is essential to any business but carries risk. Secure data exchange, internally or externally, with modern encryption allows for access while safeguarding data.


