What is a data breach?

A data breach is a security incident in which sensitive, protected, or confidential data is accessed, copied, transmitted, or stolen by an unauthorized individual. Data breaches can expose personal information, financial records, intellectual property, and healthcare data.

How many records are exposed in data breaches?

The number of records exposed varies widely by incident. Major breaches can expose hundreds of millions of records. Rankiteo tracks cumulative records exposed across all monitored data breach incidents to provide a comprehensive view of the global breach landscape.

Which industries experience the most data breaches?

Healthcare, financial services, technology, retail, and government sectors consistently experience the highest number of data breaches due to the volume and sensitivity of data they handle, combined with complex IT environments and regulatory requirements.

What is data exfiltration and why does it matter?

Data exfiltration is the unauthorized transfer of data from an organization's network to an external destination controlled by a threat actor. Confirmed exfiltration indicates that stolen data may be sold on dark web marketplaces or used for extortion, making these breaches significantly more impactful than those where exfiltration status is unknown.

How are data breach severity levels determined?

Data breach severity is scored on a 1-10 scale based on factors including the number of records exposed, the sensitivity of the data involved, the exfiltration status, the affected industry's regulatory environment, and the potential downstream impact on individuals and organizations.

Data Breach Statistics & Trends

Q: How does Rankiteo track data breach statistics?

Rankiteo aggregates data breach intelligence from government CERT advisories, breach notification databases (including state attorney general filings), dark web leak sites, vendor security bulletins, and curated open-source threat intelligence feeds. Each incident is automatically classified by severity, industry, exfiltration status, and records exposed.

Comprehensive analytics on 13,022 data breach incidents tracked by Rankiteo. Explore records exposed, affected industries, exfiltration trends, and severity patterns across the global breach landscape.

13,022

Breach Incidents

11036.1B

Records Exposed

14.1K

Companies Affected

77.3

Avg Severity

Data Exfiltration Status

2165

Confirmed Exfiltration (17%)

No Exfiltration (0%)

10801

Unknown / Undisclosed (83%)

11036.1B

Total Records Exposed (5996 known)

Data Breaches Over Time

Most Affected Industries

Hospitals and Health Care

1393

Financial Services

863

Software Development

553

Government Administration

509

Insurance

445

IT Services and IT Consulting

365

Retail

331

Higher Education

330

Banking

324

Non-profit Organizations

242

Law Practice

236

Education Administration Programs

219

Recent Data Breach Incidents

Incident	Severity	Records Exposed	Industry	Date
Hong Kong precision components supplier and Italian maritime port authority: Ransomware Groups Surge In Q4 2025 – Cyble Insights	100 (Critical)	Undisclosed	['International Trade and Development', 'Computer and Network Security']	2026-01-01 00:00:00
npm, Inc.: Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets	100 (Critical)	400.0K	Software Development	2025-12-01 00:00:00
Tencent, MySpace, Twitter, Weibo, Canva, Adobe, Deezer, AdultFriendFinder, U.S. Government and Brazil Government: The 12-Terabyte Ghost: How a Record-Shattering Data Leak Is Arming a New Generation of Cyberattacks	100 (Critical)	26.0B	['Software Development', 'Technology, Information and Internet', 'Government Administration', 'Entertainment Providers', 'Musicians']	2025-01-01 00:00:00
SolarWinds, Kaseya, MoveIt Transfer, PowerSchool, DaVita, NASCAR, Marks & Spencer, Caesars Entertainment and Change Healthcare: Ransomware trends, statistics and facts in 2026	100 (Critical)	62.0M	['Hospitality', 'Consumer Services', 'Spectator Sports', 'E-Learning Providers', 'Retail', 'Software Development', 'Information Technology & Services', 'Hospitals and Health Care']	2024-12-25 00:00:00
Co-operative Group, Ingram Micro, Salesforce, Jaguar Land Rover, Oracle, Synnovis and DaVita: Top 10 Ransomware Attacks Over The Past Year	100 (Critical)	Undisclosed	['Retail', 'Software Development', 'Information Technology & Services', 'IT Services and IT Consulting', 'Hospitals and Health Care', 'Motor Vehicle Manufacturing', 'Medical and Diagnostic Laboratories']	2025-01-01 00:00:00
Lamborghini, Volkswagen Group, Porsche, Bentley, Škoda, SEAT and Audi: Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft	100 (Critical)	Undisclosed	['Motor Vehicle Manufacturing']	2025-10-19 00:00:00
Salesforce	100 (Critical)	1.5B	Software Development	2025-10-03 00:00:00
T-Mobile	100 (Critical)	50.0M	Unknown	2021-08-01 00:00:00
Collins Aerospace (RTX Corp)	100 (Critical)	Undisclosed	Aviation and Aerospace Component Manufacturing	2025-09-21 00:00:00
Oracle	100 (Critical)	Undisclosed	IT Services and IT Consulting	2025-08-01 00:00:00
Oracle	100 (Critical)	Undisclosed	IT Services and IT Consulting	2025-07-10 00:00:00
Qilin, Akira, LockBit, DragonForce and Safepay: Ransomware activity never dies, it multiplies	100 (Critical)	Undisclosed	['Software Development', 'Financial Services', 'Computer and Network Security', 'Public Safety', 'Information Technology & Services']	2024-06-16 00:00:00
McDonald’s India, ASUS, Connaught Plaza Restaurants, Hardcastle Restaurants and Nissan Motor Corporation: Everest Ransomware Group Allegedly Claims to Have Breached McDonald’s India	100 (Critical)	Undisclosed	['Computer Hardware Manufacturing', 'Motor Vehicle Manufacturing', 'Food and Beverage Services', 'Restaurants']	2017-06-16 00:00:00
Qilin, CL0P, Salesforce, Sinobi and Play: Ransomware and Supply Chain Attacks Set Records in 2025	100 (Critical)	Undisclosed	['Computer and Network Security', 'Software Development', 'Recreational Facilities']	2024-06-16 00:00:00
Conduent, DaVita, Sanrio, Oracle and Asahi Group: Global ransomware attacks rose 32% in 2025, as manufacturers emerged as top target	100 (Critical)	59.2M	['Hospitals and Health Care', 'Food and Beverage Services', 'Business Consulting and Services', 'Manufacturing', 'IT Services and IT Consulting']	2026-01-15 00:00:00
Jalisco state government, Mexico’s national electoral institute, Tamaulipas state government and Mexico City’s civil registry: Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data	100 (Critical)	Undisclosed	['Government Administration']	2025-12-01 00:00:00
Salesloft	100 (Critical)	Undisclosed	Software Development	2025-09-25 00:00:00
Dimensional Control Systems (DCS)	100 (Critical)	Undisclosed	Mechanical Or Industrial Engineering	2025-10-04 00:00:00
Hitachi Vantara	100 (Critical)	Undisclosed	IT Services and IT Consulting	2025-04-26 00:00:00
Clackamas Community College, Fall River Public Schools and Pell City School System: Clackamas Community College notifies 33,000+ people of data breach that leaked SSNs, student records, and more	100 (Critical)	33.4K	['Higher Education', 'Primary and Secondary Education']	2025-10-29 00:00:00

Data Breach Statistics & Trends — 2026 Overview

Data breaches remain one of the most damaging categories of cyber incidents, exposing sensitive personal information, financial records, healthcare data, and intellectual property at massive scale. Rankiteo continuously monitors global breach disclosures to deliver a comprehensive, real-time view of the data breach landscape — including total records exposed, exfiltration confirmation rates, severity patterns, and the industries most affected.

This page aggregates intelligence from 13,022 tracked data breach incidents. Each incident is classified by severity, industry, exfiltration status, and the number of records compromised, enabling security professionals, risk managers, and insurers to make data-driven decisions.

Why Data Breach Statistics Matter

Understanding breach trends is critical for multiple stakeholders across the cybersecurity ecosystem:

CISOs & Security Teams: Identify which industries and data types are most frequently targeted to prioritize data protection controls and detection capabilities.
Third-Party Risk Managers: Evaluate supplier and vendor exposure to data breaches when assessing supply chain risk and conducting due diligence.
Cyber Insurers & Underwriters: Use breach frequency, records exposed, and industry concentration data to model portfolio risk and price premiums accurately.
Compliance & Legal Teams: Track breach notification obligations under GDPR, CCPA, HIPAA, and SEC disclosure requirements using real incident data.
Executives & Boards: Communicate the scale of the breach problem with concrete statistics to justify investments in data security and incident response capabilities.

Understanding Data Exfiltration

Not every data breach involves confirmed data exfiltration — the actual transfer of stolen data outside the victim's network. Rankiteo tracks the exfiltration status of each incident as "Confirmed", "No Exfiltration", or "Unknown/Undisclosed". Breaches with confirmed exfiltration are typically more severe, as they indicate that sensitive data has been accessed and removed by threat actors, often for sale on dark web marketplaces or use in extortion schemes.

Records Exposed: Scale & Impact

The number of records exposed in a data breach is a key metric for assessing impact. A single major breach can expose hundreds of millions of records — including names, email addresses, Social Security numbers, credit card data, and medical records. Rankiteo normalizes diverse record count formats (exact numbers, estimates, ranges) into standardized figures to enable accurate aggregation and comparison across incidents.

Methodology & Related Resources

Rankiteo identifies data breach incidents by monitoring government CERT advisories, breach notification databases (including state attorney general filings), dark web leak sites, vendor security bulletins, and curated open-source threat intelligence feeds. Each incident is automatically classified, scored for severity, and enriched with industry and entity data before being added to this dataset.

Explore related threat intelligence from Rankiteo:

Ransomware Tracker: Strain breakdowns, industry impact, and threat actor analysis for ransomware incidents.
Threat Actor Leaderboard: The most prolific threat actors ranked by incident count and severity.
Cyber Incident Trends: Year-over-year and monthly trend analysis across all attack types.
Top Exploited Vulnerabilities: CVEs most actively leveraged by threat actors in the wild.
Rating Methodology: How Rankiteo scores companies and incidents using its Cyber Resilience framework.