If anything, 2026 has made clear that cybersecurity is no longer a background concern — it’s front and center, woven into nearly every major story of the year. Yes, wars are still raging, the climate continues to worsen, and we seem a long way from the next global pandemic.
But beneath it all there is a digital current running through everything it touches: wars being fought on digital fronts as well as physical ones, governments weaponizing citizens’ data against them, botnets quietly undermining democratic institutions, nation-state hackers targeting civic infrastructure from power grids to water systems, and ransomware gangs holding companies and institutions hostage for massive payouts. Attacks are becoming bolder, more destructive and harder to control.
As we’re halfway through this already terrifying year of digital attacks and hybrid warfare, we look back at some of the worst hacks and breaches ever, and how they could impact us going forward.
Questions remain over DOGE’s massive swipe of Social Security data
A year after operatives of the Elon Musk-led government subversion group known as the Department of Government Efficiency (or DOGE) dismantled federal agencies from the inside out, we are still learning about the data lapses that occurred under their watch.
After DOGE entered the Social Security Administration, it is unclear what happened to some of the country’s most sensitive data, and lawsuits are ongoing in federal court. The most shocking claim by a whistleblower is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, leading to a race to understand what was stored on it. This database reportedly contained the Social Security numbers and related personal information of most living Americans.
In court filings, the Social Security Administration said it does not know for sure what was on the servers, but said that DOGE signed a deal with an outside political advocacy group under the guise of finding evidence of voter fraud, something President Trump continues to claim without any evidence. The fear is that the database could be misused to target Americans for the wrong reasons.
Two of the top House Democrats who are investigating some of DOGE’s activities at the Social Security Administration said the disclosure of the government’s Social Security database “could be the largest data breach in the history of our country.”

Hackers are increasingly targeting water systems and energy grids
Cyber attacks targeting civilian energy and water supplies, such as power plants and water dams, across Europe have set a troubling recent trend. Many hacks caused by (or at least partially blamed on) Russia have risked causing real-world harm to communities and populations.
Poland’s energy grid was targeted with computer-destroying malware late last year. Other targets included a Swedish thermal plant and a Norwegian dam, which spilled a swimming pool’s worth of water. Hackers again targeted Poland earlier this year, this time its water treatment plants, showing that Russia’s hybrid warfare hostilities extend beyond the digital realm.
Now, following the recent war pitting the US and Israel against Iran, there are warnings that Iranian hackers are targeting critical infrastructure in the United States. This includes privately owned water utilities, which remain an easy target for hackers and often lack basic cybersecurity protections.
Iranian government hackers carried out a destructive device-wiping hack on Stryker
Speaking of Iran, in March a cyber attack on Stryker, an American medical tech company, saw Iranian hackers breach and wipe out the devices of thousands of employees in one fell swoop, causing widespread disruption to the company’s operations for several days.
The breach marked a notable shift in Iranian hacking tactics amid the ongoing war in the Middle East, with Iran moving from its typical focus on espionage and hack-and-leak operations that aid the country’s political gains toward actively carrying out destructive hacks in apparent retaliation for the war. The US government blamed an Iranian intelligence hacking group for the breach. The breach had a significant impact on Stryker’s first-quarter earnings after it regained control of its systems.
Instructure hit amid ShinyHunters’ disruptive hacking campaigns
ShinyHunters continued their hacking campaigns, targeting dozens of companies with simple but highly effective voice phishing techniques. The English-speaking hackers are adept at tricking companies into providing access to their internal systems by pretending to be IT support or, conversely, an employee who has forgotten their password.
Few know the damage a single ShinyHunters hack can do better than edtech giant Instructure. Hackers broke into Canvas, the company’s flagship learning management system, to steal private data and personal information belonging to more than 30 million students and employees. When the company did not pay the hackers’ ransom, the hackers broke in again and defaced the school login screen for Canvas, which students use to access their exams and course materials. This second hack occurred during school finals, disrupting exams for students across the United States. Despite efforts by the FBI to prevent the company from paying, Instructure eventually paid the ransom.
Instructure wasn’t the only company targeted by the ShinyHunters hackers so far. The gang has been behind some of the largest breaches in terms of the number of records stolen, including nearly 40 million records from internet provider Charter and at least 6 million customer records from the cruise line Carnival, along with other victims in higher education, finance and government.

The supply chain is being attacked by targeting open source projects and big tech companies
A series of ongoing, concurrent, and sometimes overlapping attacks on open source developers has resulted in massive hacks targeting large technology companies and their customers.
Some of the biggest names in security, including Aqua Security’s Trivy tool, Bitwarden and Checkmarx, along with other major open source projects, were compromised this year, allowing hackers to steal passwords, credentials and other sensitive tokens from the computers of anyone who installed a backdoored copy of the software, or whose already-installed software auto-updated and downloaded malware.
These attacks used stolen credentials to spread further, and opened the door to downstream compromises of larger companies that rely on the targeted software, including AI giant OpenAI and web hosting company Vercel. With a new hack almost every week, the open source world remains a vulnerable target in the broader tech ecosystem.
The FBI’s surveillance systems were breached, causing a “major cyber incident”
The US Federal Bureau of Investigation was forced to declare a “major cyber incident” in April, leading to legally required disclosures with Congress, after identifying that one of its surveillance systems had been compromised. According to reports, the breach potentially exposed the phone numbers of targets put under surveillance by federal agents.
Chinese spies were accused of breaching unclassified networks that contained sensitive information about surveillance targets of wiretaps and other communications interceptions, such as pen register returns. Because lawmakers were notified, the breach would likely meet the threshold for causing “direct harm” to US national security.
Hasbro hack causes weeks of downtime
Toy manufacturer Hasbro is the latest example of what happens when a large corporation is hit by a security incident and is unprepared. For weeks after discovering hackers in its systems in late March, the 103-year-old company remained largely offline, with its website unavailable and unable to serve its customers.
The company, which owns big-name brands like Transformers, Peppa Pig, and Dungeons & Dragons, has said little about the incident, what data was taken (if any), and whether it paid the hackers. But the disruption alone is likely to impact the company’s financials, forcing a delay as the company struggles to handle the incident.
Hasbro said in mid-May that the hackers were no longer in its systems and that its recovery was underway. But the financial cost of the breach and its impact on business are likely to be realized in the coming months, and are expected to be substantial.
Millions of passports and driver’s licenses have been exposed
In the past few months alone, there has been an increase in key data exposures associated with people’s sensitive government-issued identity documents, including passport and driver’s license scans that have been exposed on the web. From hotel check-in systems and money transfer apps to prison payphone providers and the UK Visa service, these services have exposed personal documents of more than two million people that could easily be misused. Many of these were caused by common security lapses that could have been easily avoided with basic cybersecurity practices.
These massive data leaks come at a time when closed-community apps and websites are pushing for “Know Your Customer” checks to force users to verify their identities before allowing access, and governments are pushing for age-verification laws that demand similar identity checks from adults to access vast swaths of the internet.
The logic is that the greater the proliferation, the less effective these identity checking systems will be, as they can be easily abused with stolen or leaked passports or driver’s licenses. Further rollouts of these ID-collection systems will inevitably lead to more data breaches and security lapses.