2026 is shaping up as another rough year for American security. Foreign governments and criminals are hitting hard, while weak government oversight and sloppy company practices make things worse. Here’s a rundown of some of the worst hacks and breaches so far this year.
One of the biggest potential disasters involves foreign hackers targeting critical infrastructure. Russian-linked groups hit Poland’s energy grid with destructive malware, a Swedish power plant, and a Norwegian dam that caused major water spills. Poland’s water treatment plants were also breached. With tensions involving Iran, U.S. water utilities face similar threats—many lack basic protections.
In March, Iranian hackers hit medical tech firm Stryker. They remotely wiped tens of thousands of employee devices, disrupting operations and hurting the company’s earnings. This marked a shift to more destructive attacks.
The ShinyHunters gang used voice phishing tricks to breach companies. They stole data on over 30 million students and staff from Instructure’s Canvas system, hit it again during finals when ransom wasn’t paid, then the company paid anyway. They also grabbed about 40 million records from Charter and millions more from Carnival Cruise Line, plus hits on universities, finance firms, and government targets.
Supply chain attacks compromised trusted security tools like Aqua Security’s Trivy, Bitwarden, and Checkmarx. Backdoors let hackers steal passwords and credentials from developers, spreading to big names like OpenAI and Vercel.
The FBI declared a “major cyber incident” after a breach of its surveillance systems—possibly exposing phone numbers of wiretap targets. Chinese spies are suspected.
Toy giant Hasbro suffered weeks of downtime after a late March hack, taking its website offline and delaying financial reports.
Millions of passports and driver’s licenses were exposed in simple slip-ups at a hotel system, prison payphone service, and UK visa portal. These make identity theft and bypassing age checks easier.
Americans deserve better. Stronger borders, smarter spending, and real accountability—not more government overreach—could help protect our data and infrastructure from these growing threats.
Sources
- TechCrunch: "Hacked, leaked, and held for ransom: The worst breaches of 2026 so far" - https://techcrunch.com/2026/06/07/the-worst-hacks-and-breaches-of-2026-so-far/
- HIPAA Journal: "Stryker Cyberattack Has Impacted First Quarter Earnings" - https://www.hipaajournal.com/stryker-cyberattack-iran/
- The Hacker News: "Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak" - https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html
- Politico: "FBI declares suspected Chinese hack of US surveillance system a ‘major cyber incident’" - https://www.politico.com/news/2026/04/01/fbi-hack-surveillance-system-major-incident-00854237
- The Wall Street Journal: "China Suspected in Breach of FBI Surveillance Network" - https://www.wsj.com/politics/national-security/china-suspected-in-breach-of-fbi-surveillance-network-2c9d1691