Hacked, leaked, and held for ransom: The worst breaches of 2026 so far

Hacked, leaked, and held for ransom: The worst breaches of 2026 so far

被黑、泄露与勒索:2026年迄今为止最严重的网络安全事件

If anything, 2026 has made clear that cybersecurity is no longer a background concern — it’s front and center, woven into almost every major story of the year. Yes, wars are still raging, the climate keeps worsening, and we’re seemingly one dodgy sneeze away from the next global pandemic. But running beneath all of it is a digital current that touches everything: wars being fought on digital fronts as well as physical ones, governments weaponizing citizens’ own data against them, botnets quietly undermining democratic institutions, nation-state hackers targeting civilian infrastructure from power grids to water systems, and ransomware gangs holding companies and institutions hostage for massive payouts. The attacks are getting bolder, more destructive, and harder to contain. As we enter the second half of this already horrendous year of digital attacks and hybrid warfare, here’s a look at some of the worst hacks and breaches so far, and how they might affect us going forward.

2026年明确无误地向我们展示了一点:网络安全已不再是幕后的次要问题,而是处于核心地位,并渗透到了今年几乎每一件重大事件中。诚然,战争仍在肆虐,气候持续恶化,我们似乎随时都可能面临下一场全球大流行病。但在这一切之下,有一股数字暗流触及了方方面面:战争不仅在物理战场上进行,也在数字前线展开;政府将公民自身的数据武器化以对付他们;僵尸网络在暗中破坏民主制度;国家级黑客将目标对准从电网到供水系统的民用基础设施;勒索软件团伙则将企业和机构扣为人质,索要巨额赎金。攻击正变得越来越大胆、更具破坏性,也更难遏制。随着我们进入这个数字攻击与混合战争频发的糟糕年份的下半年,以下是迄今为止一些最严重的黑客攻击和数据泄露事件,以及它们未来可能对我们产生的影响。

Questions of DOGE’s massive swipe of Social Security data linger

关于DOGE大规模窃取社会保障数据的质疑挥之不去

A year on, after operatives with the Elon Musk-led band of government destroyers known as the Department of Government Efficiency (or DOGE) swept through and dismantled federal agencies from the inside out, we’re still learning about the data lapses that happened under their watch. After DOGE entered the Social Security Administration, it remains unclear as to what happened with some of the nation’s most sensitive data, as lawsuits battle on in federal court. The most alarming whistleblower’s claim is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, leading to a scramble to understand what was stored in it. This database allegedly contained the Social Security numbers and associated personal information of most living Americans. In court filings, the Social Security Administration doesn’t know for sure what was on the server, but said that the DOGE signed an agreement with an outside political advocacy group under the guise of finding evidence of voter fraud, something that President Trump continues to claim without any evidence. The fears are that the database could be misused to target Americans for spurious reasons. Two of the top House Democrats investigating some of DOGE’s activities at the Social Security Administration said that the exposure of the government’s Social Security database “could very well be the largest data breach in our nation’s history.”

在埃隆·马斯克领导的“政府效率部”(简称DOGE)——这群以摧毁政府机构著称的行动者——横扫并从内部瓦解联邦机构一年后,我们仍在了解其监管下发生的数据泄露事件。在DOGE进入社会保障局(SSA)后,由于联邦法院的诉讼仍在进行,该国一些最敏感的数据究竟发生了什么仍不清楚。最令人震惊的举报人称,DOGE将社会保障数据库的实时副本上传到了一个不安全的第三方服务器上,导致各方争相查明其中存储的内容。据称,该数据库包含了大多数在世美国人的社会保障号码及相关个人信息。在法庭文件中,社会保障局表示无法确定服务器上究竟有什么,但指出DOGE曾以寻找选民欺诈证据为幌子,与一个外部政治倡导团体签署了协议——而特朗普总统在没有任何证据的情况下一直声称存在此类欺诈。人们担心该数据库可能被滥用,从而以虚假理由针对美国公民。两名调查DOGE在社会保障局活动的众议院民主党高层表示,政府社会保障数据库的泄露“很可能是我们国家历史上最大的数据泄露事件”。

Hackers are increasingly targeting water systems and energy grids

黑客日益将目标对准供水系统和能源电网

A rash of cyberattacks across Europe targeting civilian energy and water supplies, like power plants and water dams, has set a troubling trend of late. Several hacks attributed to (or at least in part blamed on) Russia have risked real-world harm to communities and populations. Poland’s energy grid was targeted with computer-destroying malware at the tail end of last year, as well as a Swedish thermal plant and a Norwegian dam that spilled swimming pools’ worth of water. Hackers targeted Poland again earlier this year, this time its water treatment plants, showing that Russia’s hybrid war antagonism continues to extend beyond the digital realm. Now, thanks to the recent war between the U.S. and Israel against Iran, there are warnings that Iranian hackers are targeting critical infrastructure in the United States. This includes privately owned water utilities, which remain a soft target for hackers, often lacking basic cybersecurity protections.

近期,欧洲各地针对民用能源和供水设施(如发电厂和水坝)的一系列网络攻击引发了令人担忧的趋势。几起被归咎于(或至少部分归咎于)俄罗斯的黑客攻击,已对社区和民众造成了现实世界的危害。去年年底,波兰的电网遭到破坏性恶意软件攻击,瑞典的一家热电厂和挪威的一座水坝也遭到攻击,导致大量水体外泄。今年早些时候,黑客再次袭击了波兰,这次的目标是其水处理厂,这表明俄罗斯的混合战争对抗正持续延伸至数字领域之外。现在,由于近期美国和以色列与伊朗之间的战争,有警告称伊朗黑客正将目标对准美国的关键基础设施。这包括私营供水设施,它们往往缺乏基本的网络安全防护,仍是黑客眼中的“软柿子”。

Iranian government hackers struck Stryker with a destructive device hack

伊朗政府黑客利用破坏性设备攻击Stryker

Speaking of Iran, a cyberattack on a U.S. medical tech company, Stryker, in March saw Iranian hackers break in and remotely wipe tens of thousands of employee devices in one fell swoop, causing widespread disruption to the company’s operations for several days. The breach was a marked shift in Iranian hacking tactics at a time of ongoing war in the Middle East, with Iran moving from its typical focus of espionage and hack-and-leak operations in aid of the country’s political gains, toward actively causing destructive hacks in apparent retaliation for the war. The U.S. government attributed the hacking group behind the breach to an arm of Iranian intelligence. The breach ended up having a material impact on Stryker’s first-quarter earnings after regaining control of its systems.

说到伊朗,今年3月,美国医疗技术公司Stryker遭到网络攻击。伊朗黑客入侵并远程清除了数万台员工设备,导致该公司业务中断了数日。这次泄露标志着伊朗黑客战术的显著转变:在中东战争持续的背景下,伊朗已从以往侧重于为国家政治利益服务的间谍活动和“黑客入侵与泄露”行动,转向为报复战争而主动发起破坏性攻击。美国政府将此次泄露背后的黑客组织归咎于伊朗情报部门的一个分支。在重新获得系统控制权后,此次泄露最终对Stryker的第一季度财报产生了实质性影响。

Klue reached a deal with its hackers, but still lost control of its customers’ data

Klue与黑客达成协议,但仍失去了对其客户数据的控制

Market research provider Klue was at the center of a mass data breach that affected close to 200 companies, of which several were cybersecurity giants such as Jamf, HackerOne, and LastPass. It was one of the broadest data breaches of the year, affecting a multitude of Klue’s customers, less than a year after the company laid off half of its staff in favor of doubling down on AI. Klue admitted that the extortion gang, dubbed Icarus, broke into its systems using a credential that it issued in 2022 for a limited pilot, implying that the company had around four years to decommission the credential before it was stolen and used to break into its systems. In the data breach, Klue exposed the keys to its customers’ cloud services, allowing the hackers to break in and steal those stores of data to extort those companies for a ransom. While governments and researchers often urge victims not to pay ransoms to prevent hackers from profiting from cybercrime, Klue told its customers that it had reached an agreement with the hackers not to publish the stolen data — strongly suggesting that it had paid them. But as part of the deal, the hackers conceded that another hacking group also had a portion of Klue’s customers’ data and urged those victim companies not to pay them.

市场研究提供商Klue卷入了一场大规模数据泄露事件,影响了近200家公司,其中包括Jamf、HackerOne和LastPass等网络安全巨头。这是今年波及范围最广的数据泄露事件之一,影响了Klue的大量客户。而就在不到一年前,该公司刚刚裁掉了一半员工,转而全力投入人工智能领域。Klue承认,名为“伊卡洛斯”(Icarus)的勒索团伙利用其在2022年为一项有限试点项目签发的凭证入侵了其系统,这意味着该公司在凭证被盗并用于入侵系统前,有大约四年的时间将其废弃。在此次数据泄露中,Klue泄露了其客户云服务的密钥,使黑客得以入侵并窃取这些数据存储,进而向这些公司勒索赎金。尽管政府和研究人员经常敦促受害者不要支付赎金,以防止黑客从网络犯罪中获利,但Klue告诉客户,它已与黑客达成协议,不公开被盗数据——这强烈暗示该公司已经支付了赎金。但作为协议的一部分,黑客承认另一个黑客组织也掌握了Klue部分客户的数据,并敦促那些受害公司不要向对方支付赎金。

Instructure also falls victim to ShinyHunters’ disruptive hacking campaigns

Instructure也成为ShinyHunters破坏性黑客行动的受害者

The ShinyHunters continued their hacking campaigns, targeting dozens of companies with simple but highly effective… ShinyHunters继续其黑客行动,利用简单但极其有效的方式针对数十家公司……