Recent Breaches

Attack Methods

How recent data breaches actually happen — ransomware, phishing, supply-chain attacks and more — with the incidents linked to each method.

Data Extortion & Leaks29658 trackedData-extortion actors steal data and threaten to publish or sell it unless the victim pays, even without deploying ransomware.Ransomware29388 trackedRansomware attacks encrypt a victim’s systems and steal data, demanding payment to decrypt and to prevent the stolen data from being published.Misconfiguration & Exposed Data902 trackedMisconfigured databases and cloud storage leave sensitive data publicly accessible without any hacking required.Zero-Day & Vulnerability Exploitation774 trackedAttackers exploit unpatched software vulnerabilities — sometimes before a fix exists — to break into systems.Credential & Infostealer Leaks721 trackedCredential leaks and infostealer logs expose usernames and passwords in bulk, fueling account takeover across many sites.Supply-Chain Attack52 trackedSupply-chain attacks compromise a trusted vendor, library, or service to reach that vendor’s many downstream customers at once.Phishing & Social Engineering11 trackedPhishing and social engineering trick employees into handing over credentials or access, which attackers then use to breach systems.Insider & Account Hijack6 trackedInsider threats and hijacked accounts abuse legitimate access to steal or expose data from within.

Attributions to threat groups and methods reflect public reporting and, in some cases, unverified claims made by the groups themselves; they may be incomplete or later revised. Recent Breaches and GalaxyWarden are independent and are not affiliated with, and do not endorse, any company or group named on this page. This information is aggregated from public sources for awareness only and is not legal, security, or investment advice.