Findings from the Identity Theft Resource Center’s 2025 Data Breach Report reveal 2025 saw the highest number of breaches to date. Yet, the amount of victim notices decreased by 79% year-over-year — according to the report, this suggests malicious actors are moving away from the “mega-breaches” seen in 2024 in favor of frequent, precise attacks on valuable data sources.

Whether this trend will continue in 2026 remains to be seen. Nevertheless, with one month completed in 2026, Security magazine is reviewing 7 data incidents that made headlines in January. 

1. Target Source Code Theft 

On Jan. 13, multiple Target employees confirmed internal code and developer documentation belonging to the retailer had been stolen. The stolen information amounted to approximately 860 GB and involved several data repositories, which were released on Gitea. 

What made this incident unique is that instead of focusing on customer data, the malicious actors targeted the organization’s source code. This could leave the retailer more vulnerable to cyber incidents in the future. 

Learn more about the Target breach. 

2. BreachForums Breach 

On Jan. 9, a popular hacker forum experienced a data breach of its own. The breach leaked metadata belonging to 324,000 individuals connected with the forum, including: 

• Usernames
• Email addresses
• Registration dates
• IP addresses

Learn more about the BreachForums breach. 

3. ICE Data Leak

U.S. Immigration and Customs Enforcement (ICE) experienced a data leakage, as an online database was uploaded containing sensitive information on department workers. It exposed 2,000 agents and 150 supervisors, and according to reports, it may have been the largest breach of department staff information ever before seen. 

However, that isn’t the end of the story. On Jan. 13, the database exposing ICE agents experienced a cyberattack. 

Learn more about the ICE breach. 

4. Monroe University Breach 

Approximately 320,000 individuals were impacted by a data breach against Monroe University. While mail notices were sent to potentially affected individuals on Jan. 2, 2026, the university ascertained the compromised files held sensitive personal data back in Sep. 30, 2025. The data breach itself occurred even longer ago, on Dec. 23, 2024. 

Impacted data includes, but is not limited to:

• Names
• Birthdays 
• Driver’s license/passport numbers
• Medical/health insurance data 
• Social Security numbers

A lawsuit has since been filed against the university. 

Learn more about the Monroe University breach.

5. Department of Human Services (DHS) Data Incidents

In the month of January, two different state DHS departments announced data incidents. One was an accidental data leakage, and the other was conducted by an unauthorized user. 

In total, 1 million individuals were affected by these two incidents. 

Learn more about the DHS breaches. 

6. Under Armour Breach 

Under Armour experienced a data securty incident in November 2025. Yet, on Jan. 21, 2026, a customer dataset from the retailer was released on a hacking forum.

Sensitive data was leaked, such as names, birth days, purchase histories, and locations. In addition, 72 million email addresses were exposed. 

Security magazine spoke with an expert who warned that the amount of emails exposed weren’t the most concerning factor — instead, it was how those emails might later be leveraged. 

Learn more about the Under Armour breach. 

7. Exposure of 149M Credentials 

A cybersecurity researcher, Jeremiah Fowler, discovered 149 million credentials in an exposed database. This totaled approximately 96 GB. 

Credential data (such as emails, usernames, and passwords) was collected from individuals around the globe, then stored in this database with alongside URL links that led to the login site associated with the stored data. In some instances, financial data and banking logins were also accessible. 

The question remains: who collected these credentials in the first place? 

Learn more about the database breach.