HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
← All Stories

2026's Worst Data Breaches: From Social Security to Critical Infrastructure

Created at 7 Jul · 5:10 PM1 source↑ Market-relevant
IN SHORT

This year has seen a surge in sophisticated cyberattacks, including a potential massive breach at the Social Security Administration, attacks on European energy and water systems, and destructive hacks on companies like Stryker and Instructure. Ransomware gangs and state-sponsored actors are increasingly targeting critical infrastructure and sensitive data.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

2026year of major data breaches
30 millionstudents and staff affected by Instructure breach
200companies affected by Klue data breach
40 millionrecords stolen from Charter
6 millioncustomer records stolen from Carnival

Who's Involved

Department of Government Efficiency (DOGE)
Elon Musk-led group responsible for data lapses at Social Security Administration
President Trump
Claims of voter fraud without evidence related to DOGE's actions
House Democrats
Investigating DOGE's activities at the Social Security Administration
Russia
Attributed with cyberattacks on European energy and water supplies
Iranian hackers
Targeted critical infrastructure in the US and attacked Stryker
Stryker
US medical tech company hit by destructive Iranian cyberattack
Klue
Market research provider that experienced a mass data breach
Icarus
Extortion gang that breached Klue's systems
ShinyHunters
Hacking group targeting companies with voice phishing techniques
Instructure
Education tech giant whose learning management system was breached
FBI
Attempted to dissuade Instructure from paying ransom
Aqua Security
Security company whose Trivy tool was compromised
Bitwarden
Security company whose open source project was compromised
Checkmarx
Security company whose open source project was compromised
2026's Worst Data Breaches: From Social Security to Critical Infrastructure

↳ Why This Matters

These widespread and increasingly sophisticated cyberattacks demonstrate a critical vulnerability in digital infrastructure globally, posing significant risks to personal data, critical services like energy and water, and corporate operations, with potential long-term implications for national security and economic stability.

Key facts

  • A potential massive data breach at the Social Security Administration involving sensitive personal information of most living Americans is under investigation.
  • Cyberattacks targeting European energy and water infrastructure, attributed in part to Russia, have occurred.
  • Iranian hackers conducted a destructive cyberattack on US medical tech company Stryker, wiping employee devices.
  • Market research firm Klue suffered a wide-reaching data breach impacting nearly 200 clients.
  • Education tech company Instructure was targeted by ShinyHunters, leading to a breach of data for over 30 million students and staff.
  • Attacks on open source projects have led to compromises affecting Big Tech companies and their customers.

The year 2026 has been marked by a significant escalation in cyberattacks, impacting government agencies, critical infrastructure, and major corporations. These breaches highlight the growing threat of ransomware, state-sponsored hacking, and supply chain attacks, underscoring cybersecurity's central role in global events.

A year after the Department of Government Efficiency (DOGE) dismantled federal agencies, the Social Security Administration is facing scrutiny over potential data lapses. Whistleblower claims suggest a live copy of the Social Security database, containing sensitive personal information of most Americans, may have been uploaded to an unsecured third-party server. Lawsuits are ongoing, with top House Democrats calling it potentially the largest data breach in U.S. history.

Across Europe, a series of cyberattacks attributed to Russia have targeted civilian energy and water supplies, including power plants and water dams in Poland, Sweden, and Norway. These attacks demonstrate a continuation of Russia's hybrid warfare tactics beyond the digital realm. Amidst the ongoing conflict between the U.S. and Israel against Iran, warnings have been issued about Iranian hackers targeting U.S. critical infrastructure, particularly privately owned water utilities that often lack adequate cybersecurity.

In March, Iranian government hackers launched a destructive attack on U.S. medical tech company Stryker, remotely wiping tens of thousands of employee devices. This marked a shift in Iranian hacking tactics towards causing destructive damage, moving away from espionage and hack-and-leak operations. The U.S. government attributed the attack to an arm of Iranian intelligence, and it materially impacted Stryker's first-quarter earnings.

Market research provider Klue experienced a broad data breach affecting nearly 200 companies, including cybersecurity giants like Jamf, HackerOne, and LastPass. The breach, attributed to the extortion gang Icarus, exploited a credential issued years prior. Klue reportedly reached an agreement with the hackers to prevent data publication, suggesting a ransom payment, though another hacking group also obtained a portion of the data.

Education technology giant Instructure fell victim to the ShinyHunters hacking group, which breached its Canvas learning management system and stole private data of over 30 million students and staff. After Instructure did not pay the ransom, hackers defaced login screens during final exams. Despite FBI dissuasion, Instructure eventually paid the ransom. ShinyHunters has also been linked to breaches at Charter and Carnival.

Supply chain attacks have also targeted open source projects, compromising tools like Aqua Security's Trivy and Bitwarden. These attacks allowed hackers to steal passwords and credentials from users who installed backdoored software or received auto-updates containing malware, impacting Big Tech companies and their customers.

Frequently asked questions

DOGE is described as an Elon Musk-led group that dismantled federal agencies, leading to data lapses at the Social Security Administration.

The database allegedly contained the Social Security numbers and associated personal information of most living Americans.

Poland, Sweden, and Norway have experienced cyberattacks on their energy and water infrastructure.

Iranian hackers remotely wiped tens of thousands of employee devices, causing widespread disruption and materially impacting Stryker's first-quarter earnings.

Jamf, HackerOne, and LastPass were among the cybersecurity giants affected by the Klue data breach.

What Happens Next

01Ongoing lawsuits in federal court regarding the Social Security Administration data lapse.
02Continued monitoring of Iranian hacking activities targeting U.S. critical infrastructure.
03Further investigation into the impact of compromised open source projects on Big Tech companies.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

The Department of Government Efficiency (DOGE) dismantled federal agencies, leading to data lapses at the Social Security Administration.
A whistleblower claimed DOGE uploaded a live copy of the Social Security database to an unsecured third-party server.
Iranian hackers targeted critical infrastructure in the US, including privately owned water utilities.
Iranian government hackers conducted a destructive device hack on US medical tech company Stryker.
Market research provider Klue experienced a broad data breach affecting nearly 200 companies, including cybersecurity firms.
The hacking group ShinyHunters targeted education tech giant Instructure, stealing data from over 30 million students and staff.
ShinyHunters also compromised internet provider Charter and cruiseliner Carnival.
Open source projects like Aqua Security's Trivy and Bitwarden were compromised, leading to hacks targeting Big Tech companies.

Sources

T1
Hacked, leaked, and held for ransom: The worst breaches of 2026 so farTechCrunch

Related Stories

Tech Layoffs Accelerate in 2026, Driven by AI Adoption
6 Jul · 7:06 PM
AI-driven ransomware attack still required human setup
7 Jul · 12:30 AM
Zoox gains market share in robotaxi sector, surpassing Waymo in user growth
7 Jul · 9:20 AM
AI-Generated Soldiers Flood Social Media Feeds
7 Jul · 9:10 AM
US Cyber Agency Uses Anthropic's Mythos AI to Audit Government Code
6 Jul · 8:12 PM