Every year, TechCrunch reviews the significant cybersecurity incidents from the past year, focusing on major data breaches and disruptive hacks to extract lessons learned. In 2025, the scale of data breaches was unprecedented.
This overview highlights some of the most notable security incidents of the year:
The U.S. government continued to be a prime target for cyberattacks. The year commenced with a bold attack by Chinese hackers on the U.S. Treasury, followed by breaches of several federal agencies, including one responsible for U.S. nuclear weapons security, due to a SharePoint vulnerability.
Simultaneously, Russian hackers infiltrated the U.S. Courts’ filing system, raising concerns within the federal judiciary.
However, the most significant incident involved the Department of Government Efficiency (DOGE), led by Elon Musk, which conducted an extensive raid on U.S. government data. This operation marked the largest data breach in U.S. history, as DOGE staff disregarded federal protocols and security practices, despite warnings about potential national security risks. Legal experts indicated that DOGE staff could face personal liability under U.S. hacking laws.
Musk’s public fallout with President Trump led to his departure from DOGE, leaving staff concerned about potential federal charges.
In late September, executives at major U.S. corporations received threatening emails from a ransomware group called Clop, which included their personal information and ransom demands. Earlier, Clop had exploited a previously unknown vulnerability in Oracle’s E-Business software, allowing them to steal sensitive employee data from numerous organizations.
Oracle was unaware of the breach until October, when it attempted to address the vulnerability, but by then, extensive data had already been compromised from various sectors, including universities and hospitals.
Clop’s hacking campaign was not isolated; the group had previously targeted enterprise file-transfer services used by tech companies.
Salesforce customers faced significant challenges after two data breaches at partner companies, which resulted in the theft of a billion records stored in Salesforce’s cloud. Hackers accessed data through breaches at Salesloft and Gainsight, affecting numerous major tech firms.
A hacking collective known as Scattered Lapsus$ Hunters advertised stolen records on a data leak site, continuing to attract new victims.
In the U.K., hackers targeted the retail sector, stealing data from Marks & Spencer and over 6.5 million records from the Co-op, causing widespread disruptions. A subsequent attack on luxury retailer Harrods added to the chaos.
A significant cyberattack on Jaguar Land Rover (JLR) severely impacted the U.K. economy. The September breach halted production at JLR’s plant for months, affecting suppliers and leading to a £1.5 billion government bailout to support employees and suppliers during the shutdown. Experts labeled this breach as the most economically damaging cyberattack in U.K. history.
South Korea experienced a series of major data breaches throughout the year, compromising millions of citizens’ personal data due to security failures at major tech and telecom companies. A notable incident involved SK Telecom, where 23 million customer records were exposed. Additionally, a massive data center fire destroyed years of government data.
The most significant breach involved Coupang, a leading retail giant, where the personal information of 33 million customers was stolen over several months, leading to the resignation of the company’s CEO.