If anything, 2026 has made it clear that cyber security is no longer a background concern – it’s front and center, woven into nearly every big story of the year. Yes, wars are still raging, the climate continues to worsen, and we’re seemingly a dangerous sneeze away from the next global pandemic.
But beneath it all runs a digital current that affects everything: wars being fought on digital fronts as well as physical ones, governments weaponizing citizens’ own data against them, botnets quietly undermining democratic institutions, nation-state hackers targeting civilian infrastructure from power grids to water systems, and ransomware gangs holding companies and institutions hostage to massive payouts. The attacks are becoming bolder, more destructive and harder to contain.
As we’re halfway through this already horrific year of digital attacks and hybrid warfare, we look at some of the worst hacks and breaches so far and how they could affect us going forward.
There are still questions about DOGE’s massive erasure of social security data
A year later, after agents with the Elon Musk-led group of government destroyers known as the Department of Government Efficiency (or DOGE) swept through and dismantled federal agencies from the inside out, we’re still learning about the data lapses that occurred under their watch.
After DOGE entered the Social Security Administration, it remains unclear what happened to some of the nation’s most sensitive data as lawsuits battle it out in federal court. The most alarming whistleblower’s allegation is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, leading to a scramble to understand what was stored in it. This database allegedly contained Social Security numbers and associated personal information for most living Americans.
In court filings, the Social Security Administration doesn’t know for sure what was on the server, but said DOGE signed a deal with an outside political advocacy group under the guise of finding evidence of voter fraud, something President Trump continues to claim without evidence. The fear is that the database could be misused to target Americans for false reasons.
Two of the top House Democrats investigating some of DOGE’s activities at the Social Security Administration said the disclosure of the government’s Social Security database “could very well be the largest data breach in our nation’s history.”
Hackers are increasingly targeting water systems and energy grids
A rash of cyber-attacks across Europe targeting civilian energy and water supplies, such as power plants and dams, has set a worrying trend of late. Several hacks attributed to (or at least partially blamed on) Russia have risked harming real-world communities and populations.
Poland’s energy grid was targeted by computer-destroying malware late last year, as well as a Swedish thermal plant and a Norwegian dam that spilled swimming pool water. Hackers attacked Poland again earlier this year, this time its water treatment plant, showing that Russia’s hybrid warfare resistance continues to extend beyond the digital realm.
Now, thanks to the recent war between the US and Israel against Iran, there are warnings that Iranian hackers are targeting critical infrastructure in the US. This includes privately owned water utilities, which remain a soft target for hackers, often lacking basic cybersecurity protections.
Iranian government hackers hit Stryker with a destructive device hack
Speaking of Iran, a cyberattack on US medical technology company Stryker in March saw Iranian hackers break in and remotely wipe tens of thousands of employee devices in one fell swoop, causing widespread disruption to the company’s operations for days.
The breach was a significant shift in Iranian hacking tactics at a time of ongoing war in the Middle East, with Iran moving from its typical focus on espionage and hack-and-leak operations in support of the country’s political gains to actively causing destructive hacks in apparent retaliation for the war. The US government attributed the hacker group behind the breach to an arm of Iranian intelligence. The breach ended up having a significant impact on Stryker’s earnings in the first quarter after it regained control of its systems.
Structure among ShinyHunters’ disruptive hacking campaigns
The ShinyHunters continued their hacking campaigns, targeting dozens of companies with simple but highly effective voice phishing techniques. The English-speaking hackers are adept at tricking companies into trading access to their internal systems by pretending to be IT support, or conversely, an employee who has forgotten their password.
Few know better than the toll a ShinyHunters hack can have than education technology giant Instructure. The hackers breached the company’s flagship learning management system Canvas to steal private data and personal information belonging to over 30 million students and employees. When the company didn’t pay the hackers’ ransom, the hackers broke in – again – and defaced the school’s Canvas login screens, which were used by students to access their exam and course materials. This second hack happened during school finals and disrupted exams for students across the United States. Instructure eventually paid the ransom, despite the FBI’s efforts to dissuade the company from paying.
Instructure was far from the only company targeted by the ShinyHunters hackers. The gang has been behind some of the biggest breaches in the number of records stolen, including about 40 million records from Internet service provider Charter and at least 6 million customer records from cruise ship Carnival, among other victims in higher education, finance and government.
The supply chain is under attack, targeting open source projects and large technology companies
A series of ongoing, simultaneous and occasionally overlapping attacks on open source developers has resulted in massive hacks targeting major technology companies and their customers.
Some of the biggest names in security, including Aqua Security’s Trivy tool, Bitwarden and Checkmarx, along with other major open source projects, were compromised this year, allowing the hackers to steal passwords, credentials and other sensitive tokens from the computers of anyone who installed a backdoor copy of the software or their pre-installed software to automatically download the malware.
Those attacks used the stolen credentials to spread further, opening the door to downstream compromises by major companies that rely on the targeted software, including AI giant OpenAI and web hosting firm Vercel. With a new hack almost every week, the open source world remains a vulnerable target in the wider tech ecosystem.
The FBI’s surveillance system was breached, triggering a “major cyber incident“
The US Federal Bureau of Investigation was forced to declare a “major cyber incident” in April, prompting a statutory disclosure with Congress, after identifying that one of its surveillance systems had been compromised. According to reports, the breach potentially exposed phone numbers of targets under surveillance by federal agents.
Chinese spies were accused of breaching the unclassified network, which contained sensitive information about the surveillance targets for wiretapping and other communications interceptions, such as pen register returns. By notifying lawmakers, the breach would likely have met a bar for causing “demonstrable harm” to US national security.
Hasbro’s hack has led to weeks of downtime
Toy maker giant Hasbro is the latest example of what happens when a large company is hit by a security incident and is not prepared for it. Weeks after discovering hackers in its systems in late March, the 103-year-old company remained largely offline, its website inaccessible and unable to serve its customers.
The company, which owns big name brands such as Transformers, Peppa Pig and Dungeons & Dragons, has not said much about the incident itself, what data was taken (if any) and whether it paid the hackers. But the disruption alone is likely to affect the company’s finances, which it was forced to suspend as the company struggled to deal with the incident.
Hasbro said in mid-May that the hackers were no longer in their systems and that recovery was underway. But the financial cost of the breach and knock-on effect on its business is likely to be realized in the coming months and is expected to be significant.
Millions of passports and driving licenses have been exposed en masse
In the past few months alone, there has been an increase in major data exposures involving people’s sensitive government-issued identity documents, including passport and driver’s license scans, being exposed online. From a hotel check-in system and a money transfer app to a pay phone provider in prisons and a visa service in the UK, these services exposed the personal documents of over two million people that could be easily misused. Many were caused by simple security breaches that were easily avoidable with basic cybersecurity practices.
These massive data leaks come at a time when closed community apps and websites are increasingly relying on “know your customer” checks to force users to verify their identity before being allowed in, and governments are pushing age-verification laws that require similar identity checks from adults to access much of the Internet.
The logic is that the bigger the spill, the less effective these identity control systems are, as they can be easily abused with a stolen or leaked passport or driver’s license. The further rollout of these ID collection systems will inevitably lead to more data breaches and security breaches.
When you buy through links in our articles, we may earn a small commission. This does not affect our editorial independence.