From a massive DOGE data breach and the hacking of critical energy and water systems to the hack of an FBI surveillance system, here are the most damaging security incidents and data breaches of 2026.
The cybersecurity company is nearing a $300 million round led by Evolution Equity Partners.
An Israeli cybersecurity firm said Iran’s government is behind Ababil of Minab, a fake hacktivist persona that has claimed a series of data breaches after the start of the war in Iran.
The data breach included names, dates-of-birth, postal addresses, and Social Security numbers, according to a state government listing.
The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft.
The New York public healthcare system said hackers stole personal and medical data, and scans of biometrics — including fingerprints — in one of the largest recorded breaches of 2026.
The open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay.
The maker of the Canvas school software said it “reached an agreement” with the hackers, but provided no guarantees that the hackers would not release the data or keep their word.
The cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure customer schools with an extortion message.
Braintrust, a startup that makes an “operating system for engineers building AI software,” notified customers that hackers broke into one of its Amazon cloud environments, and is asking customers to rotate their API keys.