The banking sector has always remained one of the most attractive targets for cybercriminals because modern banks store (and process) both personal and financial data. By targeting banks, cybercriminals can steal their customers’ information, lock up their systems, and threaten to leak information and target associated third parties.

Another reason why banks are targeted is that they are subject to many data protection regulations any violation can result in financial and reputational harm.

Cybercriminals use this as a leverage to carry out triple extortion attacks where they not just encrypt data but also threaten to leak the information and target the associated third parties.

Here are the top 10 data breaches in healthcare (so far):

The top 10 data breaches in the healthcare sector 2026

1. Victim: Citizens bank

About

The Citizens Financial Group is a Rhode Island-based bank holding company that was founded in 1828. It operates across multiple states in the U.S., including Connecticut, Maryland, Michigan, and Florida.

What happened?

The Citizens Bank became a victim of a data breach due to a cyber attack on a third-party company.

Impact

The data exposed includes customers’ names, addresses, and account numbers belonging to 3.5 million customers.

Source

2. Victim: Lloyds Bank, Halifax, and Bank of Scotland

About

Lloyds Bank is a retail and commercial bank that offers banking and insurance services in parts of England and Wales.

What happened?

On 12th March, Lloyds Bank discovered that its customers were able to see transaction details of other customers due to technical vulnerabilities.

Impact

The data breach compromised the transaction-related and other financial details of the bank’s customers.

Source

3. Victim: Rogers Capital Mauritius

About

Rogers Group is a 1899-founded investment company that also specializes in other sectors like logistics, technology, real estate, and agribusiness. It has offices in over 13 countries worldwide.

What happened?

On 23rd January 2026, the Bank of Mauritius reported that Rogers Capital Credit suffered a data breach.

Impact

The data breach has compromised client records up to December 2022, including sensitive personal identification information like address and income, and financial information such as banking, credit, and civil status information.

Source

4. Victim: Philippine Savings Bank

About

The Philippine Savings Bank is a Bonifacio Global City-based bank that offers a range of banking and finance-related services. It is a subsidiary of Metrobank and is the largest bank in the Philippines.

What happened?

The Philippine Savings was targeted by a ransomware attack that was orchestrated by the Qilin ransomware group.

Impact

The ransomware attack compromised around 200 records belonging to 187 users, including their passwords.

Source

To be continued

We saw some of the most devastating data breaches in Banking in 2026. Keep checking this space as we update our list of the top data breaches with a closer look at how they happened and their impact.

Note: Our list only highlights the breaches that have either occurred in 2026 or been reported/disclosed in 2026. All breaches reported in previous years, as of 2026, will be excluded from the list.