Major cyberattacks in 2026 target governments, infrastructure, and corporations
8 reported2 unconfirmed
A TechCrunch report published June 3, 2026, reviews the most significant hacks and breaches of the year so far, noting that cybersecurity remains a key indicator of global conflict. The article highlights a range of incidents, including a massive data exposure at the Social Security Administration linked to DOGE operatives, destructive cyberattacks on critical infrastructure in Europe and the U.S., and a breach of the FBI’s surveillance system attributed to Chinese spies. Other major incidents include a destructive hack on medical tech company Stryker by Iranian government hackers, a disruptive campaign by the ShinyHunters group against Instructure and other companies, and a supply chain attack targeting open source projects that compromised firms like OpenAI. The report also covers a prolonged outage at toymaker Hasbro and multiple exposures of passport and driver’s license data affecting over two million people.
What’s reported
DOGE operatives entered the Social Security Administration and allegedly uploaded a live copy of the Social Security database to an unsecured third-party server, containing Social Security numbers of most living Americans.
Two top House Democrats investigating DOGE’s activities said the exposure “could very well be the largest data breach in our nation’s history.”
A rash of cyberattacks in Europe targeted civilian energy and water supplies, with several hacks attributed to Russia, including attacks on Poland’s energy grid and water treatment plants, a Swedish thermal plant, and a Norwegian dam.
Iranian government hackers struck Stryker in March, remotely wiping tens of thousands of employee devices, causing a material impact on the company’s first-quarter earnings.
The ShinyHunters group breached Instructure’s Canvas system, stealing data of over 30 million students and staff, and later defaced login screens during finals; Instructure eventually paid the ransom.
The FBI declared a “major cyber incident” in April after a surveillance system was breached, potentially exposing phone numbers of surveillance targets; Chinese spies were accused of the breach.
Hasbro remained largely offline for weeks after a hack discovered in late March, delaying its financials; the company said by mid-May the hackers were no longer in its systems.
Over two million people’s passport and driver’s license scans were exposed from services including a hotel check-in system, a money transfer app, a prison payphone provider, and a U.K. visa service.
Open questions
What exactly was stored on the unsecured third-party server containing the Social Security database, and whether the data has been misused.
What data was taken from Hasbro, and whether the company paid the hackers.
Key figures
Elon Musk (leader of DOGE)
President Trump (claimed voter fraud without evidence)
Two top House Democrats (investigating DOGE’s activities at the Social Security Administration)
ShinyHunters (English-speaking hacking group)
Instructure (education tech company)
Stryker (U.S. medical tech company)
Hasbro (toymaker)
OpenAI (AI company)
Vercel (web hosting company)
Sources: TechCrunch
