Hacks, thefts and disruption: The worst data breaches of 2025

Every year, TechCrunch takes a look at the cybersecurity horror shows of the past 12 months — from the biggest data breaches to hacks that led to weeks of disruption — to see what we can learn. This year, data breaches were like nothing we’d seen before.

Here’s a look at some of the biggest security incidents of 2025, starting with:

The US government has remained one of the biggest targets in cyberspace. The year began with a bold cyberattack by Chinese hackers on the US Treasury Department, followed by the hacking of several federal agencies, including the agency charged with protecting US nuclear weapons, thanks to a vulnerability in SharePoint.

Meanwhile, Russian hackers have been stealing sealed records from the US court filing system, setting off alarm bells across the federal judiciary.

But nothing came close to DOGE hacking into federal government departments and databases in what became the largest raid on US government data in its history.

The Trump administration’s Department of Government Efficiency, or DOGE as it was widely known, led by Elon Musk and his band of private sector henchmen, violated federal protocols and challenged common security practices. They ransacked federal databases for citizens’ data, despite warnings of national security risks and conflicts of interest over Musk’s business dealings abroad. Legal experts say DOGE employees are “personally liable” under US hacking laws, though a court would also have to agree.

Musk’s subsequent public falling out with President Trump led to the billionaire’s departure from DOGE, leaving employees fearful that they could face federal charges without his protection.

In late September, senior executives at giant US companies began receiving threatening emails from a prolific ransomware and extortion group called Clop. The emails included an attached copy of their personal information – and a multi-million dollar ransom demand not to publish it.

Months ago, the Clop gang quietly exploited a never-before-seen vulnerability in Oracle’s e-business software, a suite of applications used to host a company’s core business information, such as financial and human resources records, supply chain data, and customer databases. The vulnerability allowed Clop to steal large amounts of sensitive employee data, including executive data, from dozens of organizations that rely on Oracle software.

Oracle had no idea until it was discovered in October that it was scrambling to fix the vulnerability. However, it is too late: hackers have already stolen large amounts of data from universities, hospitals, health systems, media organizations and others.

This was Klopp’s latest mass hacking campaign. The group had previously exploited flaws in enterprise file transfer services, such as GoAnywhere, MOVEit and Cleo Software, which tech giants use to share large amounts of information over the Internet.

Salesforce customers faced a difficult year after two separate data breaches at downstream technology companies allowed hackers to steal a billion records of customer data stored in the Salesforce cloud.

The hackers targeted at least two companies, Salesloft and Ginsight, both of which allow their customers to manipulate and analyze the data they store in Salesforce.

By hacking into these companies directly, the hackers were able to access all of the data through their customers’ connections to Salesforce. Some of the biggest tech giants had their data stolen in the breach, including Bugcrowd, Cloudflare, Google, Proofpoint, Docusign, GitLab, Linkedin, SonicWall, and Verizon.

A hacking group known as Scattered Lapsus$ Hunters, made up of members from various hacking groups, including ShinyHunters, has deployed a data leak site advertising stolen records in exchange for ransoms paid by victims. And new victims keep coming.

Hackers breached the UK retail sector earlier this year, stealing data from Marks & Spencer and at least 6.5 million customer records from the Co-op. Successive hacks led to service outages and disruption across retailer networks, and some grocery shelves became empty as systems used to support retailers were disabled. Luxury department store Harrods was also later hacked.

But the major cyber attack targeting Jaguar Land Rover, one of the country’s largest employers, has left its mark on the UK economy. A hack and data breach in September caused the JLR auto plant to halt production for several months as the company worked to get its systems up and running again.

The fallout has affected Jaguar Land Rover suppliers across the UK, with some going out of business altogether. The UK government ended up securing a bailout worth up to £1.5 billion to ensure Jaguar Land Rover employees and suppliers received their salaries during the lockdown.

British security experts said the hack was the most economically damaging cyberattack to hit the UK in history, showing that disruption may be more valuable to financially motivated hackers than stolen data.

South Korea has seen a major data breach every month this year, and the personal data of millions of its citizens has been put at risk thanks to security vulnerabilities and poor data practices at the country’s largest technology and phone providers.

The country’s largest telephone company, SK Telecom, was hacked, and 23 million customer records were exposed; Several cyber attacks were attributed to its hostile neighbor, North Korea. A massive data center fire erased years of Korean government data that had not been backed up.

But the icing on the data breach cake was the theft of the personal information of about 33 million customers over a period of months from Coupang, the country’s retail giant that some call the Amazon of Asia. The data theft began in June, but was not discovered until November, and ultimately led to the resignation of the company’s CEO.