Looking back at 2026 so far, it would be easy to think that cybersecurity has been sidelined, as much of the world's attention remains on escalating wars and a worsening climate, and the next global pandemic seems a dangerous sneeze away.
But cybersecurity remains a powerful barometer of what's happening on the world stage, with botnets driving digitalization efforts that undermine Western countries and governments weaponizing their citizens' data and civilian infrastructure against entire populations. Meanwhile, financially motivated hackers are wreaking havoc and sometimes destruction across governments and private industries, demanding huge ransom payments.
As we reach the halfway mark of an already frightening year of digital attacks and hybrid warfare, we take a look at some of the worst hacks and breaches to date and how they may affect us in the future.
DOGE's large-scale scan of Social Security data leaves doubts
A year after operatives from Elon Musk's Destroyer Squad, known as the Department of Government Efficiency (DOGE), thoroughly investigated and dismantled federal agencies, we are still learning about data breaches that occurred on their watch.
It remains unclear what happened to some of the nation's most sensitive data after DOGE joined the Social Security Administration, as litigation continues in federal court. The most alarming whistleblower allegation is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, sparking a scramble to figure out what was stored there. This database allegedly contained the Social Security numbers and related personal information of most living Americans.
In court filings, the Social Security Administration says it doesn't know exactly what happened to its servers, but that DOGE has entered into agreements with outside political advocacy groups in the name of finding evidence of voter fraud, a claim Trump continues to make without any evidence. The concern is that this database could be misused to target Americans on false grounds.
Two senior House Democrats investigating some of DOGE's activities at the Social Security Administration said the disclosure of the government's Social Security database “very likely represents the largest data breach in our nation's history.”
Hackers are increasingly targeting water systems and energy grids
A worrying trend has recently emerged across Europe, with cyberattacks targeting private energy and water supplies, such as power plants and dams. Several hacks attributed to Russia (or for which it is at least partially responsible) risk real-world harm to communities and populations.
Late last year, Poland's energy grid was targeted by malware that destroyed computers; a thermal power plant in Sweden and a dam in Norway, which spilled enough water to fill a swimming pool, were also targeted. Hackers targeted Poland again earlier this year, this time at its water treatment plant, showing that Russia's hybrid warfare adversaries continue to extend beyond the digital realm.
Now, thanks to the recent US-Israel war against Iran, there are warnings that Iranian hackers are targeting America's critical infrastructure. This includes private water utilities, which often lack basic cybersecurity protections and remain targets for hackers.
Iranian government hackers attack Stryker with destructive device hack
Speaking of Iran, in March, there was a cyberattack on the US medical technology company Stryker in which Iranian hackers infiltrated and remotely wiped tens of thousands of employee devices at once, causing widespread disruption to the company's operations for several days.
The attack marks a notable shift in Iran's hacking tactics amid ongoing wars in the Middle East, with Iran moving from its typical focus on espionage and hack-and-leak operations in support of the country's political interests to destructive hacks in apparent retaliation for war. The US government has determined that the hacker group behind the intrusion is Iranian intelligence. The breach ultimately had a significant impact on Stryker's first quarter revenue after it regained control of its systems.
ShinyHunters' destructive hacking campaign
ShinyHunters continued its hacking campaign, targeting dozens of businesses using simple but highly effective voice phishing techniques. English-speaking hackers are good at tricking companies into handing over access to internal systems by posing as IT support or, conversely, employees who have forgotten their passwords.
Few know better than educational technology giant Instructure how damaging a ShinyHunters hack can be. Hackers breached the company's flagship learning management system, Canvas, and stole the personal data of more than 30 million students, faculty and staff. When the company failed to pay the hackers a ransom, the hackers broke in again and defaced the Canvas login screen, which students use to access exams and study materials. This second hack occurred during the final school year and disrupted exams for students across the country. Instructure eventually paid the ransom, despite FBI attempts to dissuade the company from paying.
Instructure is not the only company targeted by ShinyHunters so far. The gang is behind some of the largest breaches in terms of number of records, with victims in higher education, finance, and government, including about 40 million records from internet provider Charter and at least 6 million customer records from cruise operator Carnival.
Supply chains are under attack, with open source projects and big tech companies targeted
A series of sustained, simultaneous, and sometimes overlapping attacks against open source developers has resulted in a massive hack targeting major technology companies and their customers.
Several of the biggest names in the security industry, including Aqua Security's Trivy tools, Bitwarden, and Checkmarx, along with other major open source projects, were compromised this year. This allowed hackers to distribute backdoored copies of software or steal passwords, credentials, and other sensitive tokens from the computers of people whose installed software automatically updated and downloaded the malware.
These attacks leveraged stolen credentials to spread further, opening the door to downstream compromises of large companies that rely on the targeted software, including AI giant OpenAI and web hosting company Vercel. With new hacks occurring almost every week, the open source world remains a vulnerable target within the broader technology ecosystem.
FBI surveillance system breached, causing “major cyber incident”
The US Federal Bureau of Investigation was forced to declare a “major cyber incident” in April after identifying that one of its surveillance systems had been compromised, and made legally required disclosures to Congress. The breach may have exposed the phone numbers of targets under surveillance by federal agents, according to the report.
Chinese spies were accused of infiltrating an unclassified network that held classified information about the targets of wiretapping and communications interception, including returns from pen registers. That lawmakers were notified suggests the breach likely met the standard of causing “obvious harm” to U.S. national security.
Hasbro hack causes weeks of downtime
Toy giant Hasbro is the latest example of what happens when a large company is unprepared for a security incident. Weeks after discovering hackers in its systems in late March, the 103-year-old company remained largely offline, with its website unavailable and unable to serve customers.
The company, which owns well-known brands such as Transformers, Peppa Pig and Dungeons & Dragons, has said little about the incident itself, what data (if any) was stolen, or whether it paid the hackers. However, this disruption alone was likely to affect the company's finances, and as the company was busy responding to the incident, it was forced to postpone.
Hasbro said that as of mid-May, the hacker was no longer in the system and recovery was underway. However, the economic loss and ripple effects on the company's business due to this information leak are likely to become apparent within the next few months, and are expected to be substantial.
Millions of passports and driver's licenses leaked
The past few months alone have seen an increase in large-scale data breaches involving sensitive government-issued documents, such as scans of passports and driver's licenses, that are left exposed on the web. From hotel check-in systems and money transfer apps to prison payphone providers and UK visa services, these services exposed the personal documents of more than two million people that could easily be misused. Many were caused by simple security flaws that could be easily avoided with basic cybersecurity practices.
These massive data breaches come as closed community apps and websites increasingly rely on “know-your-customer” checks that force users to verify their identity before being allowed entry, and as governments push through age-verification laws that would require similar identity verification for adults accessing vast swaths of the internet.
The logic is that the larger the breach, the less effective these identity verification systems will be and the more easily they can be exploited with stolen or compromised passports and driver's licenses. Further deployment of these ID collection systems will inevitably lead to more data breaches and security flaws.

