Every year, TechCrunch looks back at the cybersecurity horror shows of the past 12 months, from the biggest data breaches to hacks that left weeks of chaos, to see what we can learn. This year's data breaches were unlike anything we've seen before.
Let's take a look back at some of the biggest security incidents of 2025. First of all:
The U.S. government remained one of the top targets in cyberspace. The year began with a brazen cyberattack on the U.S. Treasury by Chinese hackers, followed by a security flaw in SharePoint that led to the compromise of several federal agencies, including the agency tasked with protecting the U.S. nuclear arsenal.
All the while, Russian hackers were stealing sealed records from U.S. court filing systems, raising alarm throughout the federal judiciary.
But nothing came close to DOGE, which breached federal departments and databases in what became the largest U.S. government data raid in history.
WASHINGTON DC – MAY 30: A dark-eyed Tesla CEO Elon Musk listens as US President Donald Trump speaks to reporters in the Oval Office of the White House on May 30, 2025 in Washington, DC. Image credit: Kevin Dietsch / Getty Images
The Trump administration's Department of Government Efficiency (DOGE, as it was widely known), led by Elon Musk and his band of private-sector minions, violated federal protocol and defied common security practices. Despite warnings about national security risks and conflicts of interest surrounding Mr. Musk's overseas dealings, they looted federal databases of national data. Legal experts say DOGE employees are “personally liable” under U.S. hacking laws, though a court would also need to agree.
Musk's public falling out with President Trump later led to the billionaire leaving DOGE, and staffers feared they could face federal charges without Musk's protection.
In late September, senior executives at large American companies began receiving threatening emails from a prolific ransomware and extortion group called Clop. Attached to the emails were copies of personal information and a demand for a multimillion-dollar ransom to keep it from being released.
Several months earlier, the Clop gang had secretly exploited a never-before-seen vulnerability in Oracle's E-Business software, a suite of applications used to host companies' core business information, including financial and human resources records, supply chain data, and customer databases. This vulnerability allowed Clop to steal large amounts of sensitive employee data, including data belonging to executives, from dozens of organizations that relied on Oracle's software.
Oracle didn't know about the vulnerability until it was discovered in October, and was then busy fixing it. But it was already too late. Hackers had already stolen large amounts of data from universities, hospitals, health systems, news organizations, and more.
This was Clop's latest major hacking operation. The group previously exploited flaws in enterprise file transfer services such as GoAnywhere, MOVEit, and Cleo Software, which are used by tech giants to share large amounts of information over the Internet.
Salesforce customers had a tough year due to two data breaches at downstream technology companies that allowed hackers to steal 1 billion customer records stored in Salesforce's cloud.
Hackers targeted at least two companies: Salesloft and Gainsight. Both companies enable customers to process and analyze data stored in Salesforce.
By breaking into these companies directly, hackers were able to access all of the data exposed through their customers' connections to Salesforce. Some of the largest technology companies had their data stolen in this breach, including Bugcrowd, Cloudflare, Google, Proofpoint, Docusign, GitLab, LinkedIn, SonicWall, and Verizon.
A hacking collective known as Scattered Lapsus$ Hunters, made up of members from various hacking groups including ShinyHunters, published a data leak site advertising the stolen records to pressure victims into paying a ransom. The number of new victims continues to increase.
Hackers breached the UK retail industry earlier this year, stealing data from Marks & Spencer and at least 6.5 million customer records from the Co-op. The back-to-back hacks caused outages and disruptions across the retailers' networks, destroying systems used to support the retailers and leaving some grocery store shelves empty. Later, luxury store Harrods was also hacked.
Aerial view of the JLR sign after the hack and data breach at the Jaguar Land Rover vehicle manufacturing plant in Castle Bromwich, Birmingham, UK, September 30, 2025. Image credit: Christopher Furlong / Getty Images
But a major cyberattack targeting Jaguar Land Rover, one of the country's biggest employers, hit the UK economy hard. A hack and data breach in September halted production at JLR's car factories for several months as the company worked to get its systems back up and running.
The impact spread to JLR's suppliers across the UK, with some going out of business altogether. The UK government ultimately secured a £1.5bn bailout for Jaguar Land Rover's employees and suppliers to ensure they were paid during the closure.
British security experts said the breach was the most economically damaging cyberattack ever to hit the UK and showed that disruption could be more valuable to financially motivated hackers than stolen data.
South Korea has experienced major data breaches every month this year, putting the personal data of millions of citizens at risk thanks to security flaws and sloppy data practices at the country's largest technology and phone providers.
SK Telecom, the country's largest telephone company, was hacked and 23 million customer records were exposed. Some cyberattacks are believed to have been carried out by hostile neighboring North Korea. A large-scale data center fire destroyed many years of South Korean government data that had not been backed up.
But the centerpiece of the year's data breaches was the theft, over several months, of the personal information of about 33 million customers of the country's retail giant Coupang, also known as the Amazon of Asia. The data theft began in June but was not discovered until November and ultimately led to the resignation of the company's chief executive.

