● Live — Updated Weekly

This week in breaches.

What happened, who's affected, and what it means for your data.

Why this matters: Every breach on this page represents real people whose permanent data — Social Security numbers, medical records, dates of birth — is now compromised forever. We track these events to show why the 50 platforms graded in Digitally Undressed aren't theoretical risk. They're active targets.
Week of March 9–15, 2026
!!!

ShinyHunters breach ~100 companies via Salesforce misconfig

Exploited overly permissive guest user settings on Experience Cloud. Affected companies include Snowflake, Okta, LastPass, Sony, AMD, and Salesforce itself. Not a zero-day — a default setting.

Mar 11 · Salesforce Experience Cloud · Misconfiguration
25M

Conduent breach grows to 25 million affected

Originally reported at 10M, now over 25M across multiple states. Texas alone jumped from 4M to 15.4M. Attackers inside for 3 months, 8TB exfiltrated. Conduent processes benefits for 100M+ Americans.

Mar 10 · Healthcare/Government · Ransomware
3.4M

TriZetto exposes 3.4M protected health records

Insurance eligibility records, medical histories, and verification transaction data. A Cognizant subsidiary breach with downstream impact across healthcare providers.

Mar 6 · Healthcare · Third-party breach
???

LexisNexis confirms breach of Legal & Professional division

Exploited via unpatched React2Shell vulnerability (CVSS 10.0). Claims only "legacy" data taken. LexisNexis holds credit, court, shopping, and political data on hundreds of millions of people.

Mar 4 · Data Broker · Unpatched vulnerability
ERC

Ericsson discloses breach to three state attorneys general

Filed with California, Maine, and Texas AGs. A global telecom infrastructure company handling 5G, IoT, and government/military sector communications.

Mar 9 · Telecom · Disclosure
NEW

South Korea enacts punitive data breach fines

Meanwhile the United States still has no federal privacy law, no mandatory breach notification timeline, and no standardized penalties. Companies continue to write their own rules.

Mar 10 · Regulatory · International
Week of March 2–8, 2026
170G

AkzoNobel confirms US site breach — 170GB stolen by Anubis

Confidential agreements, emails, passport scans, and internal technical specs. A $12B global paint manufacturer breached through a US subsidiary.

Mar 5 · Manufacturing · Ransomware (Anubis)
42M

Canadian Tire breach confirmed at 42 million accounts

Originally disclosed in October 2025. Have I Been Pwned now reports 42M records including 38M unique email addresses, physical addresses, phone numbers, and gender data.

Mar 4 · Retail · E-commerce database
38M

ManoMano breach impacts 38 million users

European DIY retailer. Compromised via a subcontractor's Zendesk instance. 43GB of data including 900K+ support tickets and 13K attachments.

Mar 3 · Retail · Third-party (Zendesk)
11 breaches per day. 4,100+ publicly disclosed in 2025. Average time to detect and contain: 241 days. Average cost: $4.44 million. These are just the ones that got reported. Read the full analysis →
← Back to Digitally Undressed