Data Breach Tracker: US Company Security Incidents
133
AprilβMay 2026
Security & Stability
Confirmed data breaches and cyber security incidents reported by US companies each month, sourced from SEC 8-K filings, state attorney general breach notifications, cybersecurity news, and company disclosures. Each record covers the affected organisation, number of records exposed, data types compromised (personal information, financial data, health records), attack method where disclosed, and notification date. Only events confirmed by at least one authoritative source are included.
Data breach or security incident exposing customer or user records reported at a company in the US in the past month
CISOs and security teams use it to benchmark incident frequency by sector and identify systemic attack patterns across industries. Cyber insurance underwriters use it to assess risk exposure and loss trends. Legal and compliance teams track breach notification timelines and regulatory responses. Journalists and researchers covering cybersecurity use it as a structured, sourced record of confirmed incidents.
14914
<table class="catchall-table"><thead><tr><th style="min-width:40px">#</th><th style="min-width:200px">Company</th><th style="min-width:140px;white-space:nowrap">Breach Type</th><th style="min-width:120px;white-space:nowrap">Records Exposed</th><th style="min-width:320px">Data Categories Exposed</th><th style="min-width:120px;white-space:nowrap">Date</th><th style="min-width:120px;white-space:nowrap">Source</th></tr></thead><tbody><tr><td>1</td><td style="min-width:200px">Kent District Library</td><td style="min-width:140px">Ransomware</td><td style="min-width:120px">181,000</td><td style="min-width:320px">addresses, phone numbers, license</td><td style="min-width:120px">2026-04-24</td><td style="white-space:nowrap"><a href="https://www.wzzm13.com/article/news/local/no-answers-as-cherry-health-kdl-tech-outages-drag-on-for-days/69-a56c285a-6b90-4f75-b6e1-fdf10e7a1036" target="_blank" rel="nofollow">wzzm13.com</a></td></tr><tr><td>2</td><td style="min-width:200px">Medtronic</td><td style="min-width:140px">Unauthorized Access</td><td style="min-width:120px">1.0M</td><td style="min-width:320px">personal information</td><td style="min-width:120px">2026-04-24</td><td style="white-space:nowrap"><a href="https://www.morningstar.com/news/dow-jones/202604272898/medtronic-says-some-it-systems-accessed-in-cyber-breach" target="_blank" rel="nofollow">morningstar.com</a></td></tr><tr><td>3</td><td style="min-width:200px">Interim Healthcare of West Texas</td><td style="min-width:140px">β</td><td style="min-width:120px">3,047</td><td style="min-width:320px">Names of individuals, Addresses, Medical information, Health insurance information, Dates of birth</td><td style="min-width:120px">2026-04-24</td><td style="white-space:nowrap"><a href="https://www.claimdepot.com/investigations/interim-healthcare-data-breach-2026" target="_blank" rel="nofollow">claimdepot.com</a></td></tr><tr><td>4</td><td style="min-width:200px">Pine Bluff School District</td><td style="min-width:140px">Unauthorized Access</td><td style="min-width:120px">β</td><td style="min-width:320px">β</td><td style="min-width:120px">2026-04-26</td><td style="white-space:nowrap"><a href="https://katv.com/community/good-morning-arkansas/replace-your-windshield-with-gwatney-collision-center" target="_blank" rel="nofollow">katv.com</a></td></tr><tr><td>5</td><td style="min-width:200px">ADT</td><td style="min-width:140px">Unauthorized Access</td><td style="min-width:120px">β</td><td style="min-width:320px">customer data</td><td style="min-width:120px">2026-04-27</td><td style="white-space:nowrap"><a href="https://www.itsecuritynews.info/adt-data-breach-toronto-sms-blasting-pre-stuxnet-malware-discovery" target="_blank" rel="nofollow">itsecuritynews.info</a></td></tr><tr class="catchall-blurred"><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td></tr><tr class="catchall-blurred"><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td></tr><tr class="catchall-blurred"><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td><td>ββββββββββββ</td></tr></tbody></table>
<h3>What is the difference between this and Have I Been Pwned?</h3><p>Have I Been Pwned focuses on individual credential exposure. This tracker covers corporate breach events β affected company, breach scope, attack type, and regulatory notification β making it suited to enterprise risk monitoring rather than personal account checks.</p><h3>Are healthcare and financial sector breaches included?</h3><p>Yes. HIPAA-covered healthcare breaches appear via HHS breach portal notifications; financial institution incidents come from SEC filings and sector-specific reporting.</p><h3>How does CatchAll validate a breach before including it?</h3><p>Inclusion requires at least one authoritative source β a regulatory filing, company press release, or official notification. Unconfirmed reports from security researchers or forums are excluded.</p><h3>What is the refresh rate of this dataset?</h3><p>We rerun this dataset once a month. You can create your own dataset that updates as frequently as every one hour on <a href="https://platform.newscatcherapi.com/catchall">platform.newscatcherapi.com/catchall</a></p>