February 2026 Data Breaches (So Far)
02 Feb 2026
Top data breaches of February 2026
2026 began with some of the biggest and most impactful data breaches that have costed organizations days of operations, terabytes of data, and years of reputation.
Attackers have become more advanced with their techniques using AI to drive more stealthy and automated attacks that target sensitive information assets by exploiting hidden unaddressed weaknesses and awareness gaps.
Let us take a closer look at some of the top data breaches of February 2026.
Top data breaches of February 2026
Victim: Wynn Resorts
About
Wynn Resorts is a Nevada-based chain of hotels and casinos that was founded in 2002. It operates across 5 resorts, 200 luxury retail outlets, and 81 restaurants globally.
Industry
Hospitality
What happened?
Wynn Resorts has become a victim of a data breach. ShinyHunters ransomware group has claimed responsibility for the breach.
Impact
The data breach has compromised 800000 sensitive records. The nature of the data compromised is under investigation.
Source
Victim: American National Standards Institute (ANSI)
About
The American National Standards Institute is a Washington-based nonprofit organization that develops national standards for systems, processes, and personnel.
Industry
Nonprofit
What happened?
ANSI’s database was leaked on a data breach forum on February 22.
Impact
The leaked database contains approximately 2.3 terabytes of data, including ANSI standards documents, internal communications, draft and rejected standards, historical files, metadata, access logs, and technical committee records.
Source
Victim: Car Gurus
About
CarGurus is a Boston-based online solution provider known for its automotive research and shopping website that provides comparative information on local listings of new and used cars, along with contact information of owners.
Industry
Internet/Automotive
What happened?
CarGurus became a victim of a ransomware attack that was orchestrated by the ShinyHunters ransomware group.
Impact
The ransomware attack compromised over 1.7 million records and 12.6 million accounts containing personally identifiable information, corporate data, and customer and user records, including email addresses, account creation dates, user UUIDs, internal IDs, internal corporate records, and IP addresses.
Source
Victim: Wendy’s
About
Wendy’s is an American fast-food chain that operates across over 7000 outlets globally, known for its hamburgers, fries, and sandwiches.
Industry
Fast food
What happened?
Wendy’s discovered that a database belonging to its international franchise was leaked on a data breach forum on 22nd February.
Impact
The data breach has compromised franchise-related data, including store names, internal IDs, franchise and venue details, location data, operational metadata, contact email addresses, and API keys.
Source
Victim: PayPal
About
PayPal Holdings Inc. is a financial technology company known for its online payment system, which is used by organizations globally.
Industry
Financial Technology
What happened?
PayPal became a victim of a data breach and immediately implemented its incident response measures, notified and refunded the affected users.
Impact
The data breach compromised personal data of customers, including their names, Social Security Numbers, dates of birth, phone numbers, and business addresses.
Source
Victim: Hazeldenes
About
Hazeldenes is an Australian-based poultry producer known for its RSPCA-approved chicken amongst wholesalers, retailers, and customers. It is one of the largest producers in the country.
Industry
Poultry
What happened?
Hazeldenes reported that it got hit by a cyber attack that disrupted its production. The company executed its incident response protocols on February 19th.
Impact
The nature and quantity of the data compromised in the data breach are under investigation.
Source
Victim: Abbott Media Productions
About
Abbott Media Productions is a Tucson-based video and animation production company offering a range of services from product animation, motion graphics, to 3D interactive applications.
Industry
Media
What happened?
Abbott Media Productions became a victim of a ransomware attack that was orchestrated by the Interlock ransomware group.
Impact
The nature and quantity of data compromised in the data breach are under investigation.
Source
Victim: Mayfair Hotels and Resorts
About
Mayfair Hotels and Resorts is a chain of luxury properties and resorts in India. It has over 17 properties in the country and is known for showcasing heritage with luxury.
Industry
Hospitality
What happened?
Mayfair hotels and resorts became a victim of a ransomware attack that was orchestrated by the Shinobi ransomware group.
Impact
The nature and quantity of data compromised are under investigation.
Source
Victim: YouX
About
YouX is a financial technology organization that is based in Sydney, known for its platform.
Industry
Fintech
What happened?
YouX discovered unauthorized access to its systems and identified that the personal data of its customers may have been compromised.
Impact
The data breach compromised 141 GB of personal data of its customers, including 629597 loan applications, 607822 residential addresses, 229236 driver’s licenses, and 444538 personal details like names and phone numbers.
Source
Victim: UMMC – University of Mississippi Medical Center
About
University of Mississippi Medical Center, which is also known as Medical Center, offers patient-centered treatment and clinical services to the residents of Mississippi.
Industry
Education
What happened?
UMMC became a victim of a ransomware attack. The medical center immediately engaged its incident response measures.
Impact
The ransomware attack caused disruption of the medical center’s services. The healthcare had to shift to manual processes, reschedule appointments, and cancel outpatient appointments.
Source
Victim: Adidas
About
Adidas is the largest manufacturer of clothing in Europe. It is recognized for its long history in providing sports equipment for the FIFA World Cup series.
Industry
Apparel
What happened?
Adidas confirmed that an independent licensing partner became a victim of a data breach, which was carried out by the Lapsus$ Group.
Impact
The data breach compromised 815000 files, including passwords, dates of birth, email addresses, company names, and technical data.
Source
Victim: Figure
About
Figure is a Nevada-based fintech company known for its blockchain-based platforms that are used in capital, asset management, and lending markets.
Industry
Fintech
What happened?
Figure became a victim of a ransomware attack that was orchestrated by the Shiny Hunterz ransomware group.
Impact
The ransomware attack compromised 2.5 GB of data of over 900k people, including their email addresses, names, physical addresses, dates of birth, and phone numbers.
Source
Victim: Odido
About
Odido is a Netherlands-based telecom services provider with over a million customers across the nation. It offers broadband, television, and mobile services.
Industry
Telecommunications
What happened?
Odido detected unauthorized activity on its systems on February 7th, after which it launched an investigation.
Impact
The data breach compromised information of 6.2 million customers, including their full names, addresses, mobile numbers, customer numbers, email addresses, Dates of birth, IBAN, and other identification data (passport, driver’s license numbers, and validity)
Source
Victim: Washington Hotel, Japan
About
Washington Hotel is a chain of hotels that operates across 30 locations in Japan, known for its hospitality services, guest rooms, and restaurants.
Industry
Hospitality
What happened?
On February 13th, Washington Hotel Japan detected that hackers had breached its network, and its IT team immediately enabled its incident response measures.
Impact
The cyber attack compromised data stored in its servers, including business data, and has impacted the operations of some of the hotel’s properties and credit card terminals.
Source
Victim: Denton Municipal Utilities
About
The Denton Utilities is a water, wastewater, and drainage service provider based in Denton, Texas, offering online services for the payment of utility bills.
Industry
Public sector
What happened?
BridgePay, a payment vendor for Denton Utility, became a target of a cyber attack, causing disruption of its (Denton Utility’s) bill payment services.
Impact
The ransomware attack caused massive disruption in bill payment services and may have compromised the data of its customers.
Source
Victim: European Commission
About
The European Commission is the European Union’s primary executive body operating as the cabinet government.
Industry
Public sector
What happened?
The European Commission’s central infrastructure identified signs of a cyber attack. Within 9 hours, the incident was contained.
Impact
The European Commission reported on 30th January that the cyber attack may have compromised its staff’s personal data, including their names and mobile numbers.
Source
Victim: DAF Directorate of File Automation (DAF) Senegal
About
The Directorate of File Automation (DAF) is Senegal’s government agency responsible for managing the identification documents, including ID cards, biometric records, passports, and electoral data.
Industry
Public sector
What happened?
The DAF became a victim of a cyber attack, causing massive disruption in operations and a temporary suspension of production.
Impact
The attack compromised 139 TB of data, including the citizen database, biometric data, immigration records, and backup systems. It also caused a massive disruption in operations for five days and the suspension of production.
Source
Victim: Terry Reilly Health Services
About
Terry Reilly is a Treasure Valley-based healthcare services provider that offers affordable and accessible comprehensive healthcare services to its residents.
Industry
Healthcare
What happened?
Terry Reilly discovered that its third-party vendor has become a victim of a cyber attack.
Impact
The data breach has compromised data belonging to patients, including their personal information, including names, birthdates, health insurance numbers, insurer information, and personal health and insurance records.
Source
Victim: Japan Airlines
About
Japan Airlines is one of the biggest airlines in Japan and is part of the JAL group of companies. It was founded in 1951 as a government-owned business and became Japan’s national airline in 1953.
Industry
Airlines
What happened?
Japan Airlines discovered unauthorized access to its systems and data on 9th February 2026.
Impact
The cyber attack compromised the data of its customers who have used the service since July 2024, including their names, phone numbers, email addresses, and travel-related details like departure and arrival airports, hotel names, and flight numbers.
Source
Victim: Flickr
About
Flickr is a California-based online services provider known for its video and image hosting service. It hosts the largest collection of creative licensed photos on the web.
Industry
Online services
What happened?
Flickr notified its users in February that their data had been compromised in a data breach caused by a cyber attack on their third-party provider.
Impact
The data breach compromised the data of members, including their usernames, IP addresses, location data, account types, and activity on Flickr.
Source
Victim: San Diego Eye Bank
About
The San Diego Eye Bank is a provider of sight restoration and preservation services founded in 1960. It collects, processes, and distributes human ocular tissues. It also engages in research and offers evaluation and therapy services.
Industry
Biotechnology Research
What happened?
The San Diego Eye Bank became a victim of a ransomware attack that was orchestrated by the Pear ransomware group.
Impact
The nature and quantity of data compromised in the attack are under investigation.
Source
Victim: Dutch Data Protection Authority
About
The Dutch Data Protection Authority is the Netherlands ‘ independent supervisory authority for personal data processing.
Industry
Public sector
What happened?
A security vulnerability in Ivanti Endpoint Manager Mobile was exploited by a cybercriminal to gain access to sensitive information in the Dutch Data Protection Authority and Council of Justice.
Impact
The cyber attack compromised the personal information of employees working in the government agencies, including their names, phone numbers, and addresses.
Source
Victim: Iron Mountain
About
Iron Mountain is a New Hampshire-based information management services provider that was founded in 1951. It operates in over 61 countries, and 95% of its clients are Fortune 1000 companies.
Industry
Enterprise Information Management
What happened?
Iron Mountain became a victim of a ransomware attack that was orchestrated by the Everest ransomware gang.
Impact
The ransomware attack has compromised the company’s internal documents and personal information belonging to its clients.
Source
Victim: Substack
About
Substack is a California-based online solutions provider known for its subscription platform that offers creators an infrastructure for publishing, earning, and analytics. It is popular among journalists, media platforms, and subject matter experts.
Industry
Online publishing
What happened?
On 3rd February 2026, Substack discovered unauthorized access to the data of its users.
Impact
The incident compromised users’ data, including phone numbers, email addresses, and other data.
Source
Victim: Conpet
About
Conpet is Romania’s national oil pipeline operator with a massive pipe network of over 3800 kilometers. It offers an undisruptive supply of crude oil, liquid ethane, and gasoline to refineries across the country.
Industry
Oil and gas
What happened?
Conpet became a victim of a ransomware attack that was carried out by the Qilin ransomware group.
Impact
The data breach compromised over 1 TB of the company’s information, including sensitive internal documents, personal information (like passports), and financial information.
Source
Victim: Hawk Law Group
About
Hawk Law Group is a law firm based in the United States. It is known for its experienced lawyers who are recognized throughout the Central Savannah River Area for their civil and criminal litigation knowledge and case success.
Industry
Legal
What happened?
Hawk Law Group became a victim of a ransomware attack that was orchestrated by the INC ransomware group.
Impact
The ransomware attack has compromised the personal information of clients, including government-issued IDs, forms, and civil and criminal litigation case-related data.
Source
Victim: Deatak
About
Deatak is a United States-based manufacturer of flammability test instruments in the North America region, recognized for its reliable equipment and support.
Industry
Manufacturing
What happened?
Deatak became a victim of a ransomware attack that was carried out by the Play ransomware group, in which the group listed the manufacturer’s name on a data breach forum.
Impact
The ransomware attack has compromised private and confidential data, including clients’ documents, employee payroll details, IDs, and taxation and other financial information.
Source
Victim: Eisenberg Lowrance Lundell Lofgren
About
Eisenberg Lowrance Lundell Lofgren is a Utah-based law firm that offers contingency fee lawyers who specialize in personal injury, immigration, and criminal defense.
Industry
Legal
What happened?
Eisenberg Lowrance Lundell Lofgren became a target of a ransomware attack orchestrated by the INC ransomware group.
Impact
The ransomware attack has compromised the personal information of clients, including their government-issued IDs and case-related information.
Source
To be continued
We have already seen some of the most devastating data breaches In February 2026. Keep checking this space as we update our list of February’s Top data breaches just as we did in January 2026, with a closer look at the top data breaches, how they happened, and their impact.
Note: Our list only highlights the breaches that have either occurred in 2026 or reported/disclosed in 2026. All breaches reported in previous years, as of 2026, will be excluded from the list.
