Every year, TechCrunch reflects on the most significant cybersecurity challenges of the past 12 months, analyzing major data breaches and disruptive hacks to extract valuable lessons. The year 2025 proved to be particularly severe, witnessing an unprecedented scale of data breaches and cyberattacks across the globe.
Here's a detailed look back at some of the most impactful security incidents of 2025:
U.S. Federal Government Suffers Multiple Breaches
The U.S. government remained a prime target in cyberspace throughout 2025, experiencing several high-profile breaches. The year began with a brazen cyberattack by Chinese hackers on the U.S. Treasury. This was swiftly followed by breaches of multiple federal agencies, including the agency responsible for safeguarding U.S. nuclear weapons, in which hackers exploited a critical SharePoint security flaw.
Simultaneously, Russian hackers were busy stealing sealed records from the U.S. Courts’ filing system, triggering widespread alarm across the federal judiciary.
However, the most significant incident was the DOGE breach, which ripped through federal government departments and databases, becoming the largest raid of U.S. government data in history.

The Trump administration’s Department of Government Efficiency (DOGE), led by Elon Musk and his team of private sector associates, faced severe criticism. DOGE was found to have violated federal protocols and defied common security practices. Despite warnings about national security risks and conflicts of interest stemming from Musk’s overseas business dealings, DOGE staffers ransacked federal databases containing citizens’ data. Legal experts suggested DOGE staffers could be “personally liable” under U.S. hacking laws, though this would require court agreement.
Musk’s subsequent public falling out with President Trump led to the billionaire’s departure from DOGE, leaving staffers concerned they could face federal charges without his protection.
Clop Ransomware Extorts Dozens of Companies via Oracle E-Business Servers
In late September, senior executives at numerous American corporate giants began receiving threatening emails from Clop, a notorious ransomware and extortion group. These emails included copies of their personal information and demanded several million dollars to prevent public disclosure.
Months prior, the Clop gang had quietly exploited a previously unknown vulnerability in Oracle’s E-Business software. This suite of applications is crucial for hosting core business information, including financial records, human resources data, supply chain details, and customer databases. The vulnerability allowed Clop to steal vast amounts of sensitive employee data, including executive information, from dozens of organizations reliant on Oracle’s software.
Oracle remained unaware of the breach until October, when it scrambled to patch the vulnerability. By then, it was too late; the hackers had already exfiltrated significant data from universities, hospitals and health systems, media organizations, and more.
This marked Clop’s latest mass-hacking campaign, following previous exploits of flaws in enterprise file-transfer services like GoAnywhere, MOVEit, and Cleo Software, which are commonly used by tech giants to share large volumes of information.
Hacker Collective Steals Over 1 Billion Records from Salesforce Customers
Salesforce customers faced a challenging year due to two distinct data breaches at downstream tech companies, which collectively allowed hackers to steal over a billion records of customer data stored in Salesforce’s cloud.
Hackers specifically targeted at least two companies, Salesloft and Gainsight. Both companies provide services that enable their customers to manage and analyze data stored within Salesforce. By breaching these third-party providers, the attackers gained access to extensive data through their customer connections to Salesforce.
Some of the largest tech giants had their data compromised in these breaches, including Bugcrowd, Cloudflare, Google, Proofpoint, Docusign, GitLab, LinkedIn, SonicWall, and Verizon.
A hacking collective known as Scattered Lapsus$ Hunters, comprising members from various hacking groups including ShinyHunters, launched a data leak site to advertise the stolen records, demanding ransom from victims. New victims continue to emerge.
UK Retail Sector Ransacked, Jaguar Land Rover Operations Disrupted
The U.K. retail sector was severely impacted earlier in the year as hackers stole data from Marks & Spencer and at least 6.5 million customer records from the Co-op. These consecutive hacks caused widespread outages and disruption across retailers’ networks, leading to empty grocery shelves as critical support systems were incapacitated. Luxury department store Harrods also fell victim to a later attack.

A major cyberattack targeting Jaguar Land Rover (JLR), one of the country’s largest employers, inflicted a significant blow to the U.K. economy. A September hack and data breach led to JLR’s car plant stalling production for months as the company struggled to restore its systems.
The fallout affected JLR’s suppliers across the U.K., with some forced out of business. The U.K. government ultimately guaranteed a bailout of £1.5 billion to ensure JLR employees and suppliers were paid during the shutdown. U.K. security experts declared the breach the most economically damaging cyberattack in the United Kingdom’s history, highlighting that disruption can be a more valuable target for financially motivated hackers than stolen data.
South Korea Plagued by Monthly Hacks and Data Breaches
South Korea endured a major data breach every month throughout 2025, resulting in the compromise of millions of its citizens’ personal data. These incidents were largely attributed to security lapses and substandard data practices at the country’s largest tech and phone providers.
SK Telecom, the nation’s largest phone company, was hacked, exposing 23 million customer records. Several cyberattacks were linked to the country’s hostile neighbor, North Korea, and a massive data center fire tragically wiped out years of Korean government data that lacked proper backups.
The most significant incident, however, was the months-long theft of approximately 33 million customers’ personal information from Coupang, the country’s retail giant often dubbed Asia’s Amazon. The data theft commenced in June but went undetected until November, ultimately leading to the resignation of the company’s chief executive.







