Hacked, leaked, and held for ransom: The worst breaches of 2026 so far Zack Whittaker 9:45 AM PDT · July 7, 2026 If anything, 2026 has made clear that cybersecurity is no longer a background concern — it’s front and center, woven into almost every major story of the year. Yes, wars are still raging, the climate keeps worsening, and we’re seemingly one dodgy sneeze away from the next global pandemic.
But running beneath all of it is a digital current that touches everything: wars being fought on digital fronts as well as physical ones, governments weaponizing citizens’ own data against them, botnets quietly undermining democratic institutions, nation-state hackers targeting civilian infrastructure from power grids to water systems, and ransomware gangs holding companies and institutions hostage for massive payouts. The attacks are getting bolder, more destructive, and harder to contain.
As we enter the second half of this already horrendous year of digital attacks and hybrid warfare, here’s a look at some of the worst hacks and breaches so far, and how they might affect us going forward.
A year on, after operatives with the Elon Musk-led band of government destroyers known as the Department of Government Efficiency (or DOGE) swept through and dismantled federal agencies from the inside out, we’re still learning about the data lapses that happened under their watch.
After DOGE entered the Social Security Administration, it remains unclear as to what happened with some of the nation’s most sensitive data , as lawsuits battle on in federal court. The most alarming whistleblower’s claim is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, leading to a scramble to understand what was stored in it. This database allegedly contained the Social Security numbers and associated personal information of most living Americans.
In court filings, the Social Security Administration doesn’t know for sure what was on the server, but said that the DOGE signed an agreement with an outside political advocacy group under the guise of finding evidence of voter fraud, something that President Trump continues to claim without any evidence . The fears are that the database could be misused to target Americans for spurious reasons.
Two of the top House Democrats investigating some of DOGE’s activities at the Social Security Administration said that the exposure of the government’s Social Security database “could very well be the largest data breach in our nation’s history.”
A rash of cyberattacks across Europe targeting civilian energy and water supplies, like power plants and water dams, has set a troubling trend of late. Several hacks attributed to (or at least in part blamed on) Russia have risked real-world harm to communities and populations.
Poland’s energy grid was targeted with computer-destroying malware at the tail end of last year, as well as a Swedish thermal plant and a Norwegian dam that spilled swimming pools’ worth of water . Hackers targeted Poland again earlier this year, this time its water treatment plants , showing that Russia’s hybrid war antagonism continues to extend beyond the digital realm.
Now, thanks to the recent war between the U.S. and Israel against Iran, there are warnings that Iranian hackers are targeting critical infrastructure in the United States. This includes privately owned water utilities, which remain a soft target for hackers, often lacking basic cybersecurity protections.
Speaking of Iran, a cyberattack on a U.S. medical tech company, Stryker, in March saw Iranian hackers break in and remotely wipe tens of thousands of employee devices in one fell swoop , causing widespread disruption to the company’s operations for several days.
The breach was a marked shift in Iranian hacking tactics at a time of ongoing war in the Middle East, with Iran moving from its typical focus of espionage and hack-and-leak operations in aid of the country’s political gains, toward actively causing destructive hacks in apparent retaliation for the war. The U.S. government attributed the hacking group behind the breach to an arm of Iranian intelligence. The breach ended up having a material impact on Stryker’s first-quarter earnings after regaining control of its systems.
Market research provider Klue was at the center of a mass data breach that affected close to 200 companies, of which several were cybersecurity giants such as Jamf , HackerOne , and LastPass . It was one of the broadest data breaches of the year, affecting a multitude of Klue’s customers, less than a year after the company laid off half of its staff in favor of doubling down on AI.
Klue admitted that the extortion gang, dubbed Icarus, broke into its systems using a credential that it issued in 2022 for a limited pilot, implying that the company had around four years to decommission the credential before it was stolen and used to break into its systems. In the data breach, Klue exposed the keys to its customers’ cloud services, allowing the hackers to break in and steal those stores of data to extort those companies for a ransom.
While governments and researchers often urge victims not to pay ransoms to prevent hackers from profiting from cybercrime, Klue told its customers that it had reached an agreement with the hackers not to publish the stolen data — strongly suggesting that it had paid them.
___________________________________________________________________________________________________________
-- --
PLEASE LIKE IF YOU FOUND THIS HELPFUL TO SUPPORT OUR FORUM.
