Hacked, leaked and held for ransom: the worst breaches of 2026 so far

If anything, 2026 has made clear that cybersecurity is no longer a background concern — rather, it’s front and center, woven into almost every major story of the year. Yes, wars are still raging, the climate is getting worse, and we seem to be one sneeze away from the next global pandemic.

But beneath all this there is a digital current that touches everything: wars being fought on digital as well as physical fronts, governments that weaponize citizens’ private data against them, botnets that are quietly working to undermine democratic institutions, nation-state hackers who target civilian infrastructure from energy grids to water systems, and ransomware gangs that hold companies and institutions hostage in exchange for huge sums of money. Attacks are becoming bolder, more destructive, and more difficult to contain.

While we’re in the middle of this already horrific year of digital attacks and hybrid warfare, we look at some of the worst hacks and breaches to date, and how they could affect us in the future.

Questions remain about DOGE’s massive hit on Social Security data

A year later, after agents of the government destroyer division led by Elon Musk Known as the Department of Government Efficiency (or DOGE) After federal agencies have been overrun and dismantled from the inside out, we are still learning about the data lapses that occurred under their watch.

After DOGE entered the Social Security Administration, it is still unclear what happened with some of them The most sensitive data in the countrywhile lawsuits battle in federal court. The most disturbing allegation is that DOGE uploaded a live copy of its Social Security database to an unsecured third-party server, leading to a scramble to understand what was stored there. This database allegedly contains the Social Security numbers and associated personal information of most living Americans.

In court filings, the Social Security Administration doesn’t know for sure what was on the server, but said DOGE signed an agreement with an outside political advocacy group under the guise of finding evidence of voter fraud, something President Trump has said it would do. He continues to make claims without any evidence. Concerns are that the database could be misused to target Americans for false reasons.

Two senior House Democrats are investigating some DOGE activities at the Social Security Administration, he said That exposure From the government’s Social Security database “It could be the largest data breach in our nation’s history.”

Hackers are increasingly targeting water systems and power grids

A series of cyber attacks across Europe targeting civilian energy and water supplies, such as power plants and water dams, has created a worrying trend recently. Many of the hacks attributed to Russia (or at least partly blamed) risked causing real harm to communities and populations.

Poland’s power grid has been targeted Malware that destroys your computer At the end of last year, as well as A Swedish thermal station And the Norwegian dam that extended Water value for swimming pools. Hackers targeted Poland again earlier this year, this time Its water treatment plantsWhich shows that Russia’s hostility to hybrid warfare still extends beyond the digital realm.

Now, thanks to the recent war between the United States and Israel against Iran, there are warnings that Iranian hackers are targeting critical infrastructure in the United States. This includes privately owned water utilities, which remain easy targets for hackers and often lack basic cybersecurity protections.

Iranian government hackers hit Stryker with a devastating hack of the device

Speaking of Iran, a cyberattack on the US medical technology company, Stryker, in March led to Iranian hackers infiltrating it. Wipe tens of thousands of employee devices remotely in one fell swoopThis caused widespread disruption to the company’s operations for several days.

The hack marked a marked shift in Iranian hacking tactics at a time of ongoing war in the Middle East, with Iran moving from its typical focus on espionage, hacks and leaks to aid the country’s political gains, towards actively causing devastating hacks in apparent retaliation for the war. US government The hacking group was attributed Behind the hack of the Iranian intelligence arm. The hack is over There is a physical effect On Stryker’s first-quarter earnings after regaining control of its systems.

Teach as part of ShinyHunters’ disruptive hacking campaigns

the ShinyHunters They continued their hacking campaigns, targeting dozens of companies using simple but highly effective voice phishing techniques. English-speaking hackers are skilled at tricking companies into handing over access to their internal systems by pretending to be IT support, or conversely, an employee who has forgotten their password.

Few know better the toll a ShinyHunters hack can take than edtech giant Instructure. Hackers breached the company’s leading learning management system Canvas to steal private data and personal information belonging to more than 30 million students and employees. When the company did not pay the hackers’ ransom, the hackers broke in – again – and They defaced the school’s login screens for Canvasused by students to access exam and course materials. This second hack occurred during school final exams, disrupting student exams across the United States. Instructure eventually paid the ransom, despite efforts by the FBI to dissuade the company from paying.

Instructure isn’t the only company targeted by ShinyHunters hackers so far. The gang was behind some of the largest breaches in terms of the number of records stolen, including… About 40 million records from the Internet provider charter and At least 6 million cruiseliner Carnival customer recordsamong other victims in Higher education, financeand government.

The supply chain is under attack, targeting open source projects and major technology companies

A series of persistent, simultaneous, and sometimes overlapping attacks on open source developers has led to massive hacks targeting major technology companies and their customers.

Some of the biggest names in security, including Aqua Security’s Trivy Tool, Betwardenand Checkmarksalong with others Major open source projectswas breached this year, allowing hackers to steal passwords, credentials and other sensitive codes from the computers of anyone who had installed a backdoor version of the software, or had pre-installed software automatically updated to download the malware.

These attacks used stolen credentials to spread further, opening the door to downstream compromises for major companies that relied on the targeted software, including Artificial intelligence giant OpenAI and Vercel web hosting company. With a new hack occurring almost every week, the open source world remains a vulnerable target in the broader technology ecosystem.

The FBI’s surveillance system was hacked, resulting in a “major cyber incident.”“

The US Federal Bureau of Investigation was forced to do so Announcing a “major cyber incident” In April, it made a legally required disclosure to Congress, after determining that one of its surveillance systems had been hacked. According to reports, a hack is possible Exposed phone numbers of monitored targets By federal agents.

Chinese spies have been accused of infiltrating the unclassified network, which contains sensitive information about the surveillance targets of wiretaps and other communications interceptions, such as pen records. By notifying lawmakers, the breach likely met the requirement of causing “demonstrable harm” to U.S. national security.

Hasbro hack led to weeks of downtime

Toy giant Hasbro is the latest example of what happens when a large company suffers a security incident and is unprepared for it. Weeks after hackers were discovered in its systems In late Marchthe 103-year-old company has remained largely offline, its website unavailable, and unable to serve its customers.

The company, which owns big brands like Transformers, Peppa Pig, and Dungeons & Dragons, has said little about the incident itself, what data was taken (if any), and whether it paid the hackers. But the disruption alone would likely impact the company’s financials, which is what it was forced to do delayThe company rushed to deal with the incident.

Hasbro He said As of mid-May, the hackers are no longer present in its systems and the recovery process is underway. But the financial costs of the hack and the damaging impact on its business are likely to materialize in the coming months and are expected to be significant.

Millions of passports and driver’s licenses have been exposed

Over the past few months alone, there has been an uptick in major disclosures of data relating to people’s sensitive government-issued identity documents, including scans of passports and driver’s licenses left exposed on the internet. from Hotel check-in system And a Money transfer application To A Public phone provider in prison and UK visa serviceThese services exposed personal documents of more than two million people that could easily be misused. Many of them were caused by simple security vulnerabilities that could have been easily avoided through basic cybersecurity practices.

These massive data spills come at a time when closed society apps and websites increasingly rely on “know your customer” checks to force users to verify their identity before letting them in, and governments are taking action. Push age verification laws Requiring adults to perform similar identity checks to access a wide swath of the Internet.

The logic goes that the more spills there are, the less effective identity verification systems can be Easily misused With a stolen or leaked passport or driver’s license. The further rollout of these identity collection systems will inevitably lead to more data breaches and security vulnerabilities.