The worst hacks and breaches of 2026 (so far)

If we look back at the year of 2026 so far, it might be easy to see cybersecurity falling by the wayside, as much of the world’s attention remains on wars raging, the climate worsening, and we’re seemingly just one dodgy sneeze away from the next global pandemic.

As we’re halfway through this already horrendous year of digital attacks and hybrid warfare, we look at some of the worst hacks and breaches so far, and how they might affect us going forward.

A year on, after operatives with the Elon Musk-led band of government destroyers known as the Department of Government Efficiency (or DOGE) swept through and dismantled federal agencies from the inside out, we’re still learning about the data lapses that happened under their watch.

After DOGE entered the Social Security Administration, it remains unclear as to what happened with some of the nation’s most sensitive data, as lawsuits battle on in federal court. The most alarming whistleblower’s claim is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, leading to a scramble to understand what was stored in it. This database allegedly contained the Social Security numbers and associated personal information of most living Americans.

In court filings, the Social Security Administration doesn’t know for sure what was on the server, but said that the DOGE signed an agreement with an outside political advocacy group under the guise of finding evidence of voter fraud, something that President Trump continues to claim without any evidence. The fears are that the database could be misused to target Americans for spurious reasons.

Two of the top House Democrats investigating some of DOGE’s activities at the Social Security Administration said that the exposure of the government’s Social Security database “could very well be the largest data breach in our nation’s history.”

A rash of cyberattacks across Europe targeting civilian energy and water supplies, like power plants and water dams, has set a troubling trend of late. Several hacks attributed to (or at least in part blamed on) Russia have risked real-world harm to communities and populations.

Poland’s energy grid was targeted with computer-destroying malware at the tail end of last year, as well as a Swedish thermal plant, and a Norwegian dam that spilled swimming pools’ worth of water. Hackers targeted Poland again earlier this year, this time its water treatment plants, showing that Russia’s hybrid war antagonism continues to extend beyond the digital realm.

Now, thanks to the recent war between the U.S.