Hacked, leaked, and held for ransom: the worst breaches of 2026 so far

This report surveys major 2026 cyber incidents and trends: an alleged massive exposure of the U.S. Social Security database tied to a politically linked group; nation-state attacks on energy and water infrastructure and a destructive Iranian hack that wiped employee devices at Stryker; criminal campaigns by groups such as ShinyHunters targeting education and consumer companies for extortion and data theft; widespread supply-chain compromises of open-source tools leading to downstream credential theft and breaches of large tech firms; an FBI surveillance system breach exposing sensitive target data; and numerous large-scale leaks of passports and driver licences due to poor security practices.