Hacked, leaked, and held for ransom: the worst breaches of 2026 so far
If anything, 2026 has made clear that cybersecurity is no longer a background concern — it’s front and center, woven into almost every major story of the year. Yes, wars are still raging, the climate keeps worsening, and we’re seemingly one dodgy sneeze away from the next global pandemic. But running beneath all of it is a digital current that touches everything: wars being fought on digital fronts as well as physical ones, governments weaponizing citizens’ own data against them, botnets quietly undermining democratic institutions, nation-state hackers targeting civilian infrastructure from power grids to water systems, and ransomware gangs holding companies and institutions hostage for massive payouts. The attacks are getting bolder, more destructive, and harder to contain. As we’re halfway through this already horrendous year of digital attacks and hybrid warfare, we look at some of the worst hacks and breaches so far, and how they might affect us going forward.
Questions remain over DOGE’s massive swipe of Social Security data
A year on, after operatives with the Elon Musk-led band of government destroyers known as the Department of Government Efficiency (or DOGE) swept through and dismantled federal agencies from the inside out, we’re still learning about the data lapses that happened under their watch. After DOGE entered the Social Security Administration, it remains unclear what happened with some of the nation’s most sensitive data, as lawsuits battle on in federal court. The most alarming whistleblower claim is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, leading to a scramble to understand what was stored in it. This database allegedly contained the Social Security numbers and associated personal information of most living Americans. In court filings, the Social Security Administration said it doesn’t know for sure what was on the server, but said that DOGE signed an agreement with an outside political advocacy group under the guise of finding evidence of voter fraud, something that President Trump continues to claim without any evidence. The fear is that the database could be misused to target Americans for spurious reasons. Two of the top House Democrats investigating some of DOGE’s activities at the Social Security Administration said that the exposure of the government’s Social Security database “could very well be the largest data breach in our nation’s history.”
Hackers are increasingly targeting water systems and energy grids
A rash of cyberattacks across Europe targeting civilian energy and water infrastructure, like power plants and water dams, has set a troubling trend of late. Several hacks attributed to (or at least in part blamed on) Russia have risked real-world harm to communities and populations. Poland’s energy grid was targeted with computer-destroying malware at the tail end of last year, and a Swedish thermal plant and a Norwegian dam, which spilled swimming pools’ worth of water, were also targeted. Hackers targeted Poland again earlier this year, this time its water treatment plants, showing that Russia’s hybrid war antagonism continues to extend beyond the digital realm. Now, thanks to the recent war pitting the U.S. and Israel against Iran, there are warnings that Iranian hackers are targeting critical infrastructure in the United States. This includes privately owned water utilities, which remain a soft target for hackers, often lacking basic cybersecurity protections.
Iranian government hackers struck Stryker with a destructive device hack
Speaking of Iran, a cyberattack on a U.S. medical tech company, Stryker, in March saw Iranian hackers break in and remotely wipe tens of thousands of employee devices in one fell swoop, causing widespread disruption to the company’s operations for several days. The breach was a marked shift in Iranian hacking tactics at a time of ongoing war in the Middle East, with Iran moving from its typical focus on espionage and hack-and-leak operations in aid of the country’s political gains, toward actively causing destructive hacks in apparent retaliation for the war. The U.S. government attributed the hacking group behind the breach to an arm of Iranian intelligence. The breach ended up having a material impact on Stryker’s first-quarter earnings after the company regained control of its systems.
Instructure among ShinyHunters’ disruptive hacking campaigns
The ShinyHunters continued their hacking campaigns, targeting dozens of companies with simple but highly effective voice phishing techniques. The English-speaking hackers are adept at tricking companies into turning over access to their internal systems by pretending to be IT support, or conversely, an employee who forgot their password. Few know better the toll a hack from the ShinyHunters can take than education tech giant Instructure. The hackers breached the company’s flagship learning management system Canvas to steal private data and personal information belonging to over 30 million students and staff. When the company didn’t pay the hackers’ ransom, the hackers broke in — again — and defaced schools’ login screens for Canvas, used by students to access their exam and coursework material. This second hack happened during school finals, disrupting exams for students across the United States. Instructure eventually paid the ransom, despite efforts by the FBI to dissuade the company from paying. Instructure was far from the only company targeted by the ShinyHunters hackers. The gang has been behind some of the largest breaches by the number of records stolen, including some 40 million records from internet provider Charter and at least 6 million customer records from cruise line Carnival, among other victims in higher education, finance, and government.