Circulating Breaches Directory

Verified Data Breaches with Publicly Accessible or Circulating Data

Understanding Breach Evolution

Circulating breaches are the breaches where data has moved beyond disclosure and is now in circulation. Available to search, trade, or exploit.

Let's unpack what's really going on.

Evolution of a breach

Breach
Every day
Disclosed
(not yet circulating)

About 60,000
Circulating
About 1,000
Exploited
Unknown

Two Very Different Kinds of Breaches

When you hear about a breach, it can fall into one of two categories: Disclosed or Circulating. Knowing which kind you’re dealing with helps you understand what’s known, what’s still unknown, and how to respond.

Disclosed Breaches :: Public, but Not Yet Circulating

A Disclosed Breach is one that's been reported or confirmed publicly. The company might have filed with the SEC, told the press, or notified customers. The key detail: the stolen data hasn’t been observed circulating on open or dark web sources. That doesn’t mean it’s safely contained — only that it hasn’t surfaced publicly.

Sidebar

Your stolen data may not be in active circulation. It may never appear publicly.

But it could still be in play privately — in criminal exchanges, nation-state archives, or exclusive data markets. Treat “not circulating” as unknown risk, not no risk.

What this means:

  • The data may still be in the hands of the attacker, investigators, or a private buyer.
  • There's no evidence it's being sold, traded, or indexed.
  • The breach appears in official reports but isn't searchable or downloadable by third parties.

If you are being notified of a Disclosed Breach this is likely because the company is legally required to notify you that they realize your data has been compromised in some way. They may not even know where it is. (Regulations often require notification even when there's no evidence of data misuse.)

Scale:

60,000+ disclosed breaches exist globally
5,000–10,000 new disclosures happen every year

So: Getting a notice from a disclosed breach doesn’t mean your data is safe. It means the breach has been acknowledged — but not yet confirmed as circulating. Disclosed breaches can still transition into circulation later.

Circulating Breaches :: When the Data Is Out There

A Circulating Breach is when the stolen data actually hits the wild. It's uploaded, sold, or shared on criminal forums, and often becomes part of searchable services like Have I Been Pwned or DataBreach.com. Lots other entities scoop that up too, like intelligence tools, data brokers, and foreign governments.

Because that's when things shift from theoretical to real.

What this means:

  • Your data is actively circulating online.
  • It can be found, reused, or sold multiple times.
  • It's indexed by breach search engines and often resold by automated bots.

If you are being notified of a Circulating Breach this is likely because you signed up for an alert service like ObscureIQ. Notification from us means that your data has come into play.

It's possible that data from breaches that have happened years ago can hit the dark web as a fresh release. This can still be dangerous, so don't ignore such alerts out of hand.

Scale:

1,000–1,200 known circulating breaches exist
Billions of searchable records
Example

The 2012 LinkedIn breach was disclosed early—but didn't circulate widely until 2016. That's when the stolen data became searchable and weaponized.

That's why ObscureIQ monitors multiple breach intelligence sources.

To alert our clients the moment their data moves from disclosed to circulating.

Browse Circulating Breaches

Below you’ll find verified circulating breaches. Datasets that have surfaced publicly or through credible intelligence sources.

Each breach page includes:

Breach Overview
Name, source, year, record count
Data Points Exposed
Email, password, phone, DOB, crypto keys, etc.
Summary
How the breach occurred
Dark Web Verification
Confirmed authenticity and circulation status
About the Threat Actor
Profile and tactics of the attacking group
About the Breached Company
Background and business context
Impact on Breached Clients
Risk assessment and exposure analysis
Recommendations for Impacted Clients
Actionable steps to protect yourself
DOWNLOAD PDF

Why This Directory Exists

The goal of the Circulating Breach Directory is to:

  • Help individuals and organizations identify when their data has entered circulation.
  • Provide verifiable breach intelligence without exposing sensitive data.
  • Show the evolution from disclosure → circulation → exploitation.

ObscureIQ scans multiple breach intelligence sources and dark web repositories to maintain this directory.

This resource is constantly updated as new circulating breaches are discovered.

A disclosed breach can remain quiet for a long time before data surfaces. That’s why ObscureIQ tracks the moment stolen data moves from disclosed to circulating.