Every year, TechCrunch looks back at the cybersecurity horrorshows of the past 12 months — from the biggest data breaches to hacks resulting in weeks of disruption — to see what we can learn. This year, the data breaches were like nothing we’ve seen before.
Here’s our look back at some of the biggest security incidents of 2025, starting with:
The U.S. government remained one of the biggest targets in cyberspace. The year started with a brazen cyberattack by Chinese hackers on the U.S. Treasury, followed by the breaching of several federal agencies, including the agency tasked with safeguarding U.S. nuclear weapons, thanks to a SharePoint security flaw.
All the while, Russian hackers were stealing sealed records from the U.S. Courts’ filing system, sending alarm bells ringing across the federal judiciary.
But nothing came close to DOGE ripping through federal government departments and databases in what became the biggest raid of U.S. government data in the country’s history.

The Trump administration’s Department of Government Efficiency, or DOGE as it was widely known, led by Elon Musk and his band of private sector lackeys, violated federal protocols and defied common security practices. They ransacked federal databases of citizens’ data, despite warnings of the national security risks and conflicts of interest over Musk’s overseas business dealings. Legal experts say that DOGE staffers are “personally liable” under U.S. hacking laws, though a court would also have to agree.
Musk’s subsequent, very public falling out with President Trump saw the billionaire leave DOGE, and left staffers fearing that they could face federal charges without his protection.
In late September, senior executives at American corporate giants began receiving threatening emails from a prolific ransomware and extortion group called Clop. The emails included an attached copy of their personal information — and a ransom demand for several million dollars not to publish it.
Months earlier, the Clop gang had quietly exploited a never-before-seen vulnerability in Oracle’s E-Business software, a suite of applications used for hosting a company’s core business information, such as financial and human resources records, supply chain data, and customer databases. The vulnerability allowed Clop to steal reams of sensitive employee data, including data belonging to executives, from dozens of organizations that rely on Oracle’s software.
Oracle had no idea until it was caught out in October as it was scrambling to patch the vulnerability. It was too late, though: the hackers had already stolen gobs of data from universities, hospitals and health systems, media organizations, and more.
This was Clop’s most recent mass-hacking campaign. The group had previously exploited flaws in enterprise file-transfer services, such as GoAnywhere, MOVEit, and Cleo Software, which tech giants use to share large amounts of information over the internet.
Salesforce customers had a rough year after two separate data breaches at downstream tech companies allowed hackers to steal a billion records of customer data stored in Salesforce’s cloud.
Hackers targeted at least two companies, Salesloft and Gainsight, both of which allow their customers to handle and analyze the data that they store in Salesforce.
By breaching these companies directly, the hackers gained access to all of the data through their customer connections to Salesforce. Some of the largest tech giants had data stolen in the breaches, including Bugcrowd, Cloudflare, Google, Proofpoint, Docusign, GitLab, LinkedIn, SonicWall and Verizon.
A hacking collective known as Scattered Lapsus$ Hunters, made up of members from different hacking groups, including ShinyHunters, published a data leak site advertising the stolen records in exchange for a ransom paid by the victims. New victims are still rolling in.
Hackers tore through the U.K. retail sector earlier this year, stealing data from Marks & Spencer and at least 6.5 million customer records from the Co-op. The back-to-back hacks sparked outages and disruption across the retailers’ networks, and some grocery shelves went empty as the systems used to support the retailers were knocked out. Luxury store Harrods was also later hacked.

But a major cyberattack targeting Jaguar Land Rover, one of the country’s biggest employers, left a dent in the U.K. economy. A September hack and data breach saw JLR’s car plant stall production for months as the company worked to get its systems back up and running.
The fallout affected JLR’s suppliers across the U.K., some of whom went out of business altogether. The U.K. government ended up guaranteeing a bailout to the tune of £1.5 billion to ensure Jaguar Land Rover employees and suppliers got paid during the shutdown.
U.K. security experts said the breach was the most economically damaging cyberattack to hit the United Kingdom in history, showing that disruption may be more valuable for financially motivated hackers than stolen data.
South Korea experienced a major data breach every month this year, and the personal data of millions of its citizens was compromised thanks to security lapses and shoddy data practices at the country’s biggest tech and phone providers.
The country’s largest phone company, SK Telecom, was hacked and 23 million customer records were exposed; several cyberattacks were attributed to its hostile North Korean neighbor; and a massive data center fire wiped out years of Korean government data that wasn’t backed up.
But the cherry on the data breach cake was the months-long theft of some 33 million customers’ personal information from Coupang, the country’s retail giant that some call Asia’s Amazon. The data theft began in June, but wasn’t detected until November, and ultimately led to the company’s chief executive resigning.