Key facts
- A potential massive data breach at the Social Security Administration involving sensitive personal information of most living Americans is under investigation.
- Cyberattacks targeting European energy and water infrastructure, attributed in part to Russia, have occurred.
- Iranian hackers conducted a destructive cyberattack on US medical tech company Stryker, wiping employee devices.
- Market research firm Klue suffered a wide-reaching data breach impacting nearly 200 clients.
- Education tech company Instructure was targeted by ShinyHunters, leading to a breach of data for over 30 million students and staff.
- Attacks on open source projects have led to compromises affecting Big Tech companies and their customers.
The year 2026 has been marked by a significant escalation in cyberattacks, impacting government agencies, critical infrastructure, and major corporations. These breaches highlight the growing threat of ransomware, state-sponsored hacking, and supply chain attacks, underscoring cybersecurity's central role in global events.
A year after the Department of Government Efficiency (DOGE) dismantled federal agencies, the Social Security Administration is facing scrutiny over potential data lapses. Whistleblower claims suggest a live copy of the Social Security database, containing sensitive personal information of most Americans, may have been uploaded to an unsecured third-party server. Lawsuits are ongoing, with top House Democrats calling it potentially the largest data breach in U.S. history.
Across Europe, a series of cyberattacks attributed to Russia have targeted civilian energy and water supplies, including power plants and water dams in Poland, Sweden, and Norway. These attacks demonstrate a continuation of Russia's hybrid warfare tactics beyond the digital realm. Amidst the ongoing conflict between the U.S. and Israel against Iran, warnings have been issued about Iranian hackers targeting U.S. critical infrastructure, particularly privately owned water utilities that often lack adequate cybersecurity.
In March, Iranian government hackers launched a destructive attack on U.S. medical tech company Stryker, remotely wiping tens of thousands of employee devices. This marked a shift in Iranian hacking tactics towards causing destructive damage, moving away from espionage and hack-and-leak operations. The U.S. government attributed the attack to an arm of Iranian intelligence, and it materially impacted Stryker's first-quarter earnings.
Market research provider Klue experienced a broad data breach affecting nearly 200 companies, including cybersecurity giants like Jamf, HackerOne, and LastPass. The breach, attributed to the extortion gang Icarus, exploited a credential issued years prior. Klue reportedly reached an agreement with the hackers to prevent data publication, suggesting a ransom payment, though another hacking group also obtained a portion of the data.
Education technology giant Instructure fell victim to the ShinyHunters hacking group, which breached its Canvas learning management system and stole private data of over 30 million students and staff. After Instructure did not pay the ransom, hackers defaced login screens during final exams. Despite FBI dissuasion, Instructure eventually paid the ransom. ShinyHunters has also been linked to breaches at Charter and Carnival.
Supply chain attacks have also targeted open source projects, compromising tools like Aqua Security's Trivy and Bitwarden. These attacks allowed hackers to steal passwords and credentials from users who installed backdoored software or received auto-updates containing malware, impacting Big Tech companies and their customers.
