
Rather, it has become clear that by 2026 cybersecurity will no longer be a background issue. Cybersecurity is front and center in almost every major story this year. Yes, war still rages, and the climate continues to worsen. And it looks like we are just one sneeze away from the next global pandemic.
But behind the scenes, there is a digital flow that affects everything. Wars are being waged on both digital and physical fronts, governments are using their citizens’ data as weapons, botnets are quietly undermining democratic institutions, nation-state hackers are targeting civilian infrastructure from power grids to water systems, and ransomware gangs are holding companies and institutions hostage for huge rewards. Attacks are becoming bolder, more destructive and more difficult to contain.
As we’re already halfway through a terrifying year of digital attacks and hybrid warfare, let’s take a look at some of the worst hacks and breaches to date and see what they could mean for us going forward.
Questions remain about DOGE’s massive Social Security data breach.
A year after operatives from the Elon Musk-led government sabotage group known as the Department of Government Efficiency (or DOGE) swept through and dismantled federal agencies from within, we are still learning about the data breaches that occurred under their watch.
Even after DOGE went into Social Security, it remains unclear what happened to some of America’s most sensitive data as litigation continues in federal court. The most surprising whistleblower claim is that DOGE uploaded live copies of the Social Security database to unsecured third-party servers, creating a scramble to understand what was stored there. This database reportedly contains Social Security numbers and related personal information for most Americans.
In court filings, the Social Security Administration said it wasn’t sure what was on the servers, but that the governor had contracted with an outside political advocacy group under the pretense of finding evidence of voter fraud, something President Trump continues to claim without any evidence. The concern is that the database could be misused to target Americans for false reasons.
Two House Democrats who investigated some of DOGE’s activities at the Social Security Administration said the exposure of the government’s Social Security database “could be the largest data breach in the history of our country.”
Hackers are increasingly targeting water systems and energy grids.
Across Europe, cyberattacks targeting private energy and water sources, including power plants and dams, have recently become a troubling trend. There is a real risk of real harm to communities and populations from several hacks attributed to (or at least partially blamed on) Russia.
Poland’s energy grid was targeted by malware that destroyed computers late last year, while a Swedish thermal power plant and a Norwegian dam that spilled as much water as a swimming pool were also attacked. Hackers again targeted water treatment plants in Poland earlier this year. This shows that Russia’s hybrid warfare continues to extend beyond the digital realm.
The recent war between the United States and Israel against Iran has led to warnings that Iranian hackers are targeting critical U.S. infrastructure. This includes privately owned water utilities, which lack basic cybersecurity protections and often remain soft targets for hackers.
Iranian government hackers attacked Stryker with destructive device hacking.
Speaking of Iran, a cyberattack on US health technology company Stryker last March allowed Iranian hackers to remotely wipe tens of thousands of employee devices at once, causing widespread disruption to the company’s operations for several days.
The breach marks a significant shift in Iran’s hacking tactics at a time of ongoing war in the Middle East. Iran has moved from its typical focus on espionage and hacking and exfiltration operations that aid the country’s political interests to actively carrying out destructive hacks in apparent retaliation for the war. The U.S. government attributed the hacking group behind this breach to Iranian intelligence. The breach had a significant impact on Stryker’s first quarter earnings after it eventually regained control of its systems.
Rescued during ShinyHunters’ destructive hacking campaign
ShinyHunters continued their hacking campaign, targeting dozens of companies using a simple but highly effective voice phishing technique. English-speaking hackers are adept at tricking companies into handing over access to internal systems by posing as IT support or, conversely, as employees who have forgotten their passwords.
Few know more about the damage that a ShinyHunters hack can cause than edtech giant Instructure. Hackers breached the company’s flagship learning management system, Canvas, and stole the personal data of more than 30 million students and faculty. After the company failed to pay the hackers’ ransom, the hackers broke in again and defaced the school’s login screen for Canvas, which students use to access exams and course materials. The second hack occurred during school final exams, disrupting exams for students across the United States. Instructure tried to convince the FBI to pay the company’s ransom, but it ultimately paid the ransom.
Instructure wasn’t the only company targeted by ShinyHunters hackers so far. The gang was behind some of the biggest breaches in terms of the number of records stolen, with victims in higher education, finance and government, including about 40 million records from internet provider Charter and at least 6 million customer records from cruise liner Carnival.
Supply chains are under attack, targeting open source projects and big tech companies.
A series of ongoing, simultaneous, and sometimes overlapping attacks on open source developers have resulted in massive hacks targeting big tech companies and their customers.
Some of the biggest names in security have been compromised this year, including Aqua Security’s Trivy tool, Bitwarden, and Checkmarx, along with other major open source projects. This allowed hackers to steal passwords, credentials and other sensitive tokens from the computers of people who installed copies of the backdoored software, or auto-updated pre-installed software to download malware.
These attacks spread further using stolen credentials, opening the door to downstream compromise of large companies that rely on targeted software, including AI giant OpenAI and web hosting company Vercel. With new hacks occurring almost every week, the open source world remains a vulnerable target in the broader tech ecosystem.
The FBI’s surveillance systems were breached, sparking a “major cyber incident”.
The Federal Bureau of Investigation (FBI) was forced to declare a “significant cyber incident” last April, which it was legally required to disclose to Congress after confirming that one of its surveillance systems had been compromised. According to the report, the leak potentially exposed phone numbers of targets being monitored by federal agents.
Chinese spies have been accused of breaching unclassified networks holding sensitive information about targets of surveillance, wiretapping and other communications interceptions, such as pen register returns. The notification to lawmakers indicates that the breach likely met the standard of causing “demonstrable harm” to U.S. national security.
Hasbro’s hack caused weeks of downtime.
Hasbro, a major toy manufacturer, is the latest example of what happens when a large company suffers a security breach and is not prepared for it. Weeks after discovering hackers in its systems in late March, the 103-year-old company remained largely offline, its website unavailable and unable to serve customers.
The company, which owns popular brands such as Transformers, Peppa Pig and Dungeons & Dragons, has said little about the incident itself, what data was collected (if any) and whether it paid the hackers. But this disruption alone is likely to have an impact on the company’s finances, forcing delays as the company rushes to deal with the case.
Hasbro said as of mid-May the hackers were no longer present on its systems and recovery was underway. However, the financial costs and business ramifications of a breach are likely to be realized in the coming months and are expected to be significant.
Millions of passports and driver’s licenses were exposed in bulk.
In the past few months alone, we have seen an increase in critical data exposures involving people’s sensitive government-issued identity documents, including scans of passports and driver’s licenses exposed on the web. From hotel check-in systems and money transfer apps to prison phone service providers and UK visa services, these services exposed the personal documents of more than two million people, which could easily be misused. Most are caused by simple security mistakes that can be easily avoided with basic cybersecurity practices.
These large-scale data breaches come at a time when closed community apps and websites are increasingly relying on “know your customer” checks, forcing users to verify their identity before entering, and when governments are pushing age verification laws that would require similar identification for adults to access the broad internet.
The logic is that the more leaks there are, the less effective these identity verification systems become because they can be easily misused with stolen or leaked passports or driver’s licenses. As additional such ID collection systems are rolled out, more data leaks and security failures will inevitably occur.