LIVE BREACH COVERAGE
Breach Tracker
Real-time intelligence on every notable data breach: who was hit, what was taken, how it happened, and what defenders can learn. Built from primary-source reporting, regulator filings and original incident-response interviews.
3,142Breaches tracked (2025)
5.7BRecords exposed
$4.9MAverage breach cost
204 daysMedian dwell time
Latest breach reports
All breach coverage →No breach posts yet. Add posts in the "Breaches" category to populate this section.
Notable breaches reference
| Year | Organisation | Records | Data type | Root cause |
|---|---|---|---|---|
| 2024 | National Public Data | 2.9B | Background-check data | Unsecured backup |
| 2024 | Change Healthcare | 100M+ | PHI, payment, claim data | BlackCat ransomware |
| 2023 | MOVEit / Cl0p victims | 95M+ | Mixed PII, financial | CVE-2023-34362 zero-day |
| 2023 | T-Mobile | 37M | Customer data | API abuse |
| 2022 | Twitter / X | 5.4M | Linked emails / phone | API vulnerability |
| 2021 | LinkedIn (scraped) | 700M | Profile data | API scraping |
| 2021 | Facebook (scraped) | 533M | Phone, email, biographic | Contact-import abuse |
| 2019 | First American Financial | 885M | Mortgage documents | IDOR |
| 2017 | Equifax | 147M | SSNs, financial | Unpatched Apache Struts |
| 2013 | Yahoo | 3B | Account credentials | State-sponsored intrusion |
Defender playbook
You've confirmed a breach. What now?
The first 72 hours determine whether a breach becomes an incident or a crisis. Use this 8-step checklist, distilled from incident-response engagements TCN has reported on.
Get a DFIR shortlist (24h) →- Confirm scope — identify affected systems, users and data classes.
- Activate incident response team and legal counsel within the first hour.
- Preserve evidence — image affected hosts before remediation.
- Contain the breach — revoke credentials, block IoCs, isolate systems.
- Notify regulators per applicable law (72h GDPR, varies by jurisdiction).
- Communicate transparently with affected parties — over-disclose, never under.
- Engage cyber-insurance carrier and forensic firm in parallel.
- Root-cause analysis and a public post-mortem when remediation completes.
Active incident?
Get my shortlist →
Get a DFIR + IR shortlist in 24h
Tell us your environment and we will send three vetted DFIR firms that can respond now. Free, no obligation.
🔐 Know about a breach the public doesn't?
Whistleblowers, internal sources and IR responders: share securely via Signal, PGP or SecureDrop. Sources are protected absolutely.