If anything, 2026 has made clear that cybersecurity is no longer a background concern \u2014 it\u2019s front and center, woven into almost every major story of the year. Yes, wars are still raging, the climate keeps worsening, and we\u2019re seemingly one dodgy sneeze away from the next global pandemic. <\/p>\n
But running beneath all of it is a digital current that touches everything: wars being fought on digital fronts as well as physical ones, governments weaponizing citizens\u2019 own data against them, botnets quietly undermining democratic institutions, nation-state hackers targeting civilian infrastructure from power grids to water systems, and ransomware gangs holding companies and institutions hostage for massive payouts. The attacks are getting bolder, more destructive, and harder to contain.<\/p>\n
As we\u2019re halfway through this already horrendous year of digital attacks and hybrid warfare, we look at some of the worst hacks and breaches so far, and how they might affect us going forward.<\/p>\n
Questions remain over DOGE\u2019s massive swipe of Social Security data<\/strong><\/h2>\nA year on, after operatives with the Elon Musk-led band of government destroyers known as the Department of Government Efficiency (or DOGE)<\/a> swept through and dismantled federal agencies from the inside out, we\u2019re still learning about the data lapses that happened under their watch.<\/p>\nAfter DOGE entered the Social Security Administration, it remains unclear as to what happened with some of the nation\u2019s most sensitive data<\/a>, as lawsuits battle on in federal court. The most alarming whistleblower\u2019s claim is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, leading to a scramble to understand what was stored in it. This database allegedly contained the Social Security numbers and associated personal information of most living Americans.<\/p>\nIn court filings, the Social Security Administration doesn\u2019t know for sure what was on the server, but said that the DOGE signed an agreement with an outside political advocacy group under the guise of finding evidence of voter fraud, something that President Trump continues to claim without any evidence<\/a>. The fears are that the database could be misused to target Americans for spurious reasons.\u00a0<\/p>\nTwo of the top House Democrats investigating some of DOGE\u2019s activities at the Social Security Administration said that the exposure<\/a> of the government\u2019s Social Security database \u201ccould very well be the largest data breach in our nation\u2019s history.\u201d<\/p>\nImage Credits:<\/strong>Bryan Dozier\/Middle East Images via AFP \/ Getty Images<\/span><\/figcaption><\/figure>\nHackers are increasingly targeting water systems and energy grids<\/strong><\/h2>\nA rash of cyberattacks across Europe targeting civilian energy and water supplies, like power plants and water dams, has set a troubling trend of late. Several hacks attributed to (or at least in part blamed on) Russia have risked real-world harm to communities and populations.\u00a0<\/p>\n
Poland\u2019s energy grid was targeted with computer-destroying malware<\/a> at the tail end of last year, as well as a Swedish thermal plant<\/a> and a Norwegian dam that spilled swimming pools\u2019 worth of water<\/a>. Hackers targeted Poland again earlier this year, this time its water treatment plants<\/a>, showing that Russia\u2019s hybrid war antagonism continues to extend beyond the digital realm.<\/p>\nNow, thanks to the recent war between the U.S. and Israel against Iran, there are warnings that Iranian hackers are targeting critical infrastructure in the United States. This includes privately owned water utilities, which remain a soft target for hackers, often lacking basic cybersecurity protections.<\/p>\n
Iranian government hackers struck Stryker with a destructive device hack<\/strong><\/h2>\nSpeaking of Iran, a cyberattack on a U.S. medical tech company, Stryker, in March saw Iranian hackers break in and remotely wipe tens of thousands of employee devices in one fell swoop<\/a>, causing widespread disruption to the company\u2019s operations for several days.\u00a0<\/p>\nThe breach was a marked shift in Iranian hacking tactics at a time of ongoing war in the Middle East, with Iran moving from its typical focus of espionage and hack-and-leak operations in aid of the country\u2019s political gains, toward actively causing destructive hacks in apparent retaliation for the war. The U.S. government attributed the hacking group<\/a> behind the breach to an arm of Iranian intelligence. The breach ended up having a material impact<\/a> on Stryker\u2019s first-quarter earnings after regaining control of its systems.<\/p>\nInstructure among ShinyHunters\u2019 disruptive hacking campaigns<\/strong><\/h2>\nThe ShinyHunters<\/a> continued their hacking campaigns, targeting dozens of companies with simple but highly effective voice phishing techniques. The English-speaking hackers are adept at tricking companies into turning over access to their internal systems by pretending to be IT support, or conversely, an employee who forgot their password.<\/p>\nFew know better than the toll a hack from the ShinyHunters can have than education tech giant Instructure. The hackers breached the company\u2019s flagship learning management system Canvas to steal private data and personal information belonging to over 30 million students and staff. When the company didn\u2019t pay the hackers\u2019 ransom, the hackers broke in \u2014 again \u2014 and defaced the school\u2019s login screens for Canvas<\/a>, used by students to access their exam and coursework material. This second hack happened during school finals, disrupting exams for students across the United States. Instructure eventually paid the ransom, despite efforts by the FBI to dissuade the company from paying.<\/p>\nInstructure wasn\u2019t the only company targeted by the ShinyHunters hackers by far. The gang has been behind some of the largest breaches by the number of records stolen, including some 40 million records from internet provider Charter<\/a> and at least 6 million customer records from cruiseliner Carnival<\/a>, among other victims in higher education<\/a>, finance<\/a>, and government<\/a>.<\/p>\n![\"A](\"https:\/\/techcrunch.com\/wp-content\/uploads\/2026\/05\/shinyhunters-instructure-canvas-login-defacement.jpg\")
Image Credits:<\/strong>TechCrunch<\/span><\/figcaption><\/figure>\nThe supply chain is under attack, targeting open source projects and big tech companies<\/strong><\/h2>\nA series of ongoing, concurrent, and occasionally overlapping attacks on open source developers have resulted in massive hacks targeting big tech companies and their customers.\u00a0<\/p>\n
Some of the biggest names in security, including Aqua Security\u2019s Trivy tool<\/a>, Bitwarden<\/a>, and Checkmarx<\/a>, alongside other major open source projects<\/a>, were compromised this year, allowing the hackers to steal passwords, credentials, and other sensitive tokens from the computers of anyone who installed a backdoored copy of the software, or their pre-installed software auto-updated to download the malware.\u00a0<\/p>\nThese attacks used the stolen credentials to spread further, and opened the door to downstream compromises of big companies that rely on the targeted software, including AI giant OpenAI<\/a> and web hosting company Vercel<\/a>. With a new hack almost every week, the open source world remains a vulnerable target in the broader tech ecosystem.\u00a0<\/p>\nFBI\u2019s surveillance system was breached, sparking a \u201cmajor cyber incident<\/strong>\u201c<\/h2>\nThe U.S. Federal Bureau of Investigation was forced to declare a \u201cmajor cyber incident\u201d<\/a> in April, prompting a legally required disclosure with Congress, after identifying that one of its surveillance systems was compromised. According to reports, the breach potentially exposed phone numbers of targets under surveillance<\/a> by federal agents.\u00a0<\/p>\nChinese spies were accused of the breach of the unclassified network, which held sensitive information about the surveillance targets of wiretaps and other communication intercepts, such as pen register returns. By notifying lawmakers, the breach is likely to have met a bar of causing \u201cdemonstrable harm\u201d to U.S. national security.<\/p>\n
Hasbro\u2019s hack has led to weeks of downtime<\/strong><\/h2>\nToymaker giant Hasbro is the latest example of what happens when a large corporation is hit by a security incident and isn\u2019t prepared for it. Weeks after discovering hackers in its systems in late March<\/a>, the 103-year-old company remained largely offline, its website unavailable, and unable to serve its customers.<\/p>\nThe company, which owns big name brands such as Transformers, Peppa Pig, and Dungeons & Dragons, has said little about the incident itself, what data was taken (if any), and whether it paid the hackers. But the disruption alone is likely to affect the company\u2019s financials, which it was forced to delay<\/a>, as the company scrambled to handle the incident.\u00a0<\/p>\nHasbro said<\/a> as of mid-May that the hackers are no longer in its systems and that its recovery was underway. But the financial costs of the breach and the knock-on effect to its business are likely to be realized in the coming months, and are expected to be substantial.<\/p>\nMillions of passports and driver licenses have been exposed galore<\/strong><\/h2>\nOver the past few months alone, there has been an uptick in major data exposures involving people\u2019s sensitive government-issued identity documents, including passport and driver license scans left exposed to the web. From a hotel check-in system<\/a> and a money transfer app<\/a> to a prison payphone provider<\/a> and a U.K. visa service<\/a>, these services exposed over two million people\u2019s personal documents that can be easily misused. Many were caused by simple security lapses that were easily avoidable with basic cybersecurity practices.<\/p>\nThese massive data spills come at a time when closed-community apps and websites are increasingly leaning on \u201cknow your customer\u201d checks to force users to verify their identity before being allowed in, and governments are pushing age-verification laws<\/a> demanding similar identity checks from adults to access a vast swath of the internet.\u00a0<\/p>\nThe logic goes that the greater the spills, the less effective these identity checking systems are, as they can be easily misused<\/a> with a stolen or leaked passport or driver license. The further rollout of these ID-collecting systems will inevitably lead to more data breaches and security lapses.<\/p>\n<\/div>\nWhen you purchase through links in our articles, we may earn a small commission<\/a>. This doesn\u2019t affect our editorial independence.<\/em><\/p>\n
After DOGE entered the Social Security Administration, it remains unclear as to what happened with some of the nation\u2019s most sensitive data<\/a>, as lawsuits battle on in federal court. The most alarming whistleblower\u2019s claim is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, leading to a scramble to understand what was stored in it. This database allegedly contained the Social Security numbers and associated personal information of most living Americans.<\/p>\n In court filings, the Social Security Administration doesn\u2019t know for sure what was on the server, but said that the DOGE signed an agreement with an outside political advocacy group under the guise of finding evidence of voter fraud, something that President Trump continues to claim without any evidence<\/a>. The fears are that the database could be misused to target Americans for spurious reasons.\u00a0<\/p>\n Two of the top House Democrats investigating some of DOGE\u2019s activities at the Social Security Administration said that the exposure<\/a> of the government\u2019s Social Security database \u201ccould very well be the largest data breach in our nation\u2019s history.\u201d<\/p>\n A rash of cyberattacks across Europe targeting civilian energy and water supplies, like power plants and water dams, has set a troubling trend of late. Several hacks attributed to (or at least in part blamed on) Russia have risked real-world harm to communities and populations.\u00a0<\/p>\n Poland\u2019s energy grid was targeted with computer-destroying malware<\/a> at the tail end of last year, as well as a Swedish thermal plant<\/a> and a Norwegian dam that spilled swimming pools\u2019 worth of water<\/a>. Hackers targeted Poland again earlier this year, this time its water treatment plants<\/a>, showing that Russia\u2019s hybrid war antagonism continues to extend beyond the digital realm.<\/p>\n Now, thanks to the recent war between the U.S. and Israel against Iran, there are warnings that Iranian hackers are targeting critical infrastructure in the United States. This includes privately owned water utilities, which remain a soft target for hackers, often lacking basic cybersecurity protections.<\/p>\n Speaking of Iran, a cyberattack on a U.S. medical tech company, Stryker, in March saw Iranian hackers break in and remotely wipe tens of thousands of employee devices in one fell swoop<\/a>, causing widespread disruption to the company\u2019s operations for several days.\u00a0<\/p>\n The breach was a marked shift in Iranian hacking tactics at a time of ongoing war in the Middle East, with Iran moving from its typical focus of espionage and hack-and-leak operations in aid of the country\u2019s political gains, toward actively causing destructive hacks in apparent retaliation for the war. The U.S. government attributed the hacking group<\/a> behind the breach to an arm of Iranian intelligence. The breach ended up having a material impact<\/a> on Stryker\u2019s first-quarter earnings after regaining control of its systems.<\/p>\n The ShinyHunters<\/a> continued their hacking campaigns, targeting dozens of companies with simple but highly effective voice phishing techniques. The English-speaking hackers are adept at tricking companies into turning over access to their internal systems by pretending to be IT support, or conversely, an employee who forgot their password.<\/p>\n Few know better than the toll a hack from the ShinyHunters can have than education tech giant Instructure. The hackers breached the company\u2019s flagship learning management system Canvas to steal private data and personal information belonging to over 30 million students and staff. When the company didn\u2019t pay the hackers\u2019 ransom, the hackers broke in \u2014 again \u2014 and defaced the school\u2019s login screens for Canvas<\/a>, used by students to access their exam and coursework material. This second hack happened during school finals, disrupting exams for students across the United States. Instructure eventually paid the ransom, despite efforts by the FBI to dissuade the company from paying.<\/p>\n Instructure wasn\u2019t the only company targeted by the ShinyHunters hackers by far. The gang has been behind some of the largest breaches by the number of records stolen, including some 40 million records from internet provider Charter<\/a> and at least 6 million customer records from cruiseliner Carnival<\/a>, among other victims in higher education<\/a>, finance<\/a>, and government<\/a>.<\/p>\n A series of ongoing, concurrent, and occasionally overlapping attacks on open source developers have resulted in massive hacks targeting big tech companies and their customers.\u00a0<\/p>\n Some of the biggest names in security, including Aqua Security\u2019s Trivy tool<\/a>, Bitwarden<\/a>, and Checkmarx<\/a>, alongside other major open source projects<\/a>, were compromised this year, allowing the hackers to steal passwords, credentials, and other sensitive tokens from the computers of anyone who installed a backdoored copy of the software, or their pre-installed software auto-updated to download the malware.\u00a0<\/p>\n These attacks used the stolen credentials to spread further, and opened the door to downstream compromises of big companies that rely on the targeted software, including AI giant OpenAI<\/a> and web hosting company Vercel<\/a>. With a new hack almost every week, the open source world remains a vulnerable target in the broader tech ecosystem.\u00a0<\/p>\n The U.S. Federal Bureau of Investigation was forced to declare a \u201cmajor cyber incident\u201d<\/a> in April, prompting a legally required disclosure with Congress, after identifying that one of its surveillance systems was compromised. According to reports, the breach potentially exposed phone numbers of targets under surveillance<\/a> by federal agents.\u00a0<\/p>\n Chinese spies were accused of the breach of the unclassified network, which held sensitive information about the surveillance targets of wiretaps and other communication intercepts, such as pen register returns. By notifying lawmakers, the breach is likely to have met a bar of causing \u201cdemonstrable harm\u201d to U.S. national security.<\/p>\n Toymaker giant Hasbro is the latest example of what happens when a large corporation is hit by a security incident and isn\u2019t prepared for it. Weeks after discovering hackers in its systems in late March<\/a>, the 103-year-old company remained largely offline, its website unavailable, and unable to serve its customers.<\/p>\n The company, which owns big name brands such as Transformers, Peppa Pig, and Dungeons & Dragons, has said little about the incident itself, what data was taken (if any), and whether it paid the hackers. But the disruption alone is likely to affect the company\u2019s financials, which it was forced to delay<\/a>, as the company scrambled to handle the incident.\u00a0<\/p>\n Hasbro said<\/a> as of mid-May that the hackers are no longer in its systems and that its recovery was underway. But the financial costs of the breach and the knock-on effect to its business are likely to be realized in the coming months, and are expected to be substantial.<\/p>\n Over the past few months alone, there has been an uptick in major data exposures involving people\u2019s sensitive government-issued identity documents, including passport and driver license scans left exposed to the web. From a hotel check-in system<\/a> and a money transfer app<\/a> to a prison payphone provider<\/a> and a U.K. visa service<\/a>, these services exposed over two million people\u2019s personal documents that can be easily misused. Many were caused by simple security lapses that were easily avoidable with basic cybersecurity practices.<\/p>\n These massive data spills come at a time when closed-community apps and websites are increasingly leaning on \u201cknow your customer\u201d checks to force users to verify their identity before being allowed in, and governments are pushing age-verification laws<\/a> demanding similar identity checks from adults to access a vast swath of the internet.\u00a0<\/p>\n The logic goes that the greater the spills, the less effective these identity checking systems are, as they can be easily misused<\/a> with a stolen or leaked passport or driver license. The further rollout of these ID-collecting systems will inevitably lead to more data breaches and security lapses.<\/p>\n<\/div>\n When you purchase through links in our articles, we may earn a small commission<\/a>. This doesn\u2019t affect our editorial independence.<\/em><\/p>\nHackers are increasingly targeting water systems and energy grids<\/strong><\/h2>\n
Iranian government hackers struck Stryker with a destructive device hack<\/strong><\/h2>\n
Instructure among ShinyHunters\u2019 disruptive hacking campaigns<\/strong><\/h2>\n
The supply chain is under attack, targeting open source projects and big tech companies<\/strong><\/h2>\n
FBI\u2019s surveillance system was breached, sparking a \u201cmajor cyber incident<\/strong>\u201c<\/h2>\n
Hasbro\u2019s hack has led to weeks of downtime<\/strong><\/h2>\n
Millions of passports and driver licenses have been exposed galore<\/strong><\/h2>\n