Every year, TechCrunch looks back at the cyber horror shows of the past 12 months—from the biggest data breaches to hacks that resulted in weeks of downtime—to see what we can learn. This year, data breaches were unlike anything we’ve seen before.
Here’s our look back at some of the biggest security incidents of 2025, starting with:
The US government has remained one of the biggest targets in cyberspace. The year began with a brazen cyber attack by Chinese hackers on the US Treasury Department, followed by the breach of several federal agencies, including the agency tasked with protecting US nuclear weapons, thanks to a SharePoint security flaw.
All the while, Russian hackers have been stealing sealed files from the US Court filing system, sending alarm bells across the federal judiciary.
But nothing came close to DOGE ripping apart federal government departments and databases in what became the largest raid of US government data in its history.
The Trump administration’s Department of Government Effectiveness, or DOGE as it was popularly known, led by Elon Musk and his team of private-sector lackeys, violated federal protocols and flouted common security practices. They ransacked federal databases of citizen data, despite warnings of national security risks and conflicts of interest related to Musk’s foreign business dealings. Legal experts say DOGE staff are “personally liable” under US piracy laws, although a court would also have to agree.
Musk’s subsequent, very public spat with President Trump saw the billionaire quit DOGE and left officials fearing they could face federal charges without his protection.
In late September, senior executives at US corporate giants began receiving threatening emails from a prolific ransomware and extortion group called Clop. The emails included an attached copy of their personal information – and a multi-million dollar ransom demand not to publish it.
Months earlier, the Clop gang had quietly exploited a never-before-seen vulnerability in Oracle’s E-Business software, a suite of applications used to host a company’s key business information, such as financial and human resources records, supply chain data and customer databases. The vulnerability allowed Clop to steal reams of sensitive employee data, including data belonging to executives, from dozens of organizations that rely on Oracle software.
Oracle had no idea until it was discovered in October, as it was trying to fix the vulnerability. However, it was too late: the hackers had already stolen a lot of data from universities, hospitals and health systems, media organizations and more.
This was Clop’s latest mass hacking campaign. The group had previously exploited flaws in enterprise file transfer services such as GoAnywhere, MOVEit and Cleo Software, which tech giants use to share large amounts of information over the Internet.
Salesforce customers have had a rough year after two separate data breaches at tech companies allowed hackers to steal a billion records of customer data stored in the Salesforce cloud.
The hackers targeted at least two companies, Salesloft and Gainsight, which allow their customers to manipulate and analyze the data they store in Salesforce.
By directly breaching these companies, the hackers gained access to all the data through their customer connections to Salesforce. Some of the biggest tech giants have had data stolen due to the breaches, including Bugcrowd, Cloudflare, Google, Proofpoint, Docusign, GitLab, LinkedIn, SonicWall and Verizon.
A hacking collective known as Scattered Lapsus$ Hunters, made up of members from different hacking groups including ShinyHunters, published a data leak website that advertised the stolen files in exchange for a ransom paid by the victims. New victims keep coming in.
Hackers disrupted the UK retail industry earlier this year, stealing data from Marks & Spencer and at least 6.5 million customer records from the Co-op. The ongoing breaches caused outages and disruptions to retailers’ networks, and some grocery shelves were emptied as systems used to support retailers went down. Luxury store Harrods was also hacked later.


But a major cyber attack targeting Jaguar Land Rover, one of the country’s biggest employers, has left a dent in the UK economy. A data breach in September led to JLR’s car plant halting production for months as the company worked to get its systems back up and running.
The fallout affected JLR’s suppliers across the UK, some of which went out of business. The UK government ended up guaranteeing a £1.5bn bailout to ensure Jaguar Land Rover’s employees and suppliers were paid during the shutdown.
UK security experts said that the breach was the most financially damaging cyber attack to hit the UK in history, showing that disruption can be more valuable to financially motivated hackers than stolen data.
South Korea has experienced a major data breach every month this year, with the personal data of millions of its citizens compromised thanks to security gaps and poor data practices at the country’s largest technology and phone providers.
The country’s largest phone company, SK Telecom, was hacked and 23 million customer records were exposed. Several cyber attacks have been attributed to its hostile North Korean neighbor, and a massive data center fire wiped out Korean government data that was not backed up.
But the icing on the cake for the data breaches was the months-long theft of the personal information of some 33 million customers from Coupang, the country’s retail giant that some call the Amazon of Asia. The data theft began in June but was not discovered until November, eventually leading to the resignation of the company’s CEO.
