Every year, TechCrunch looks back at the cybersecurity horrorshows of the past 12 months \u2014 from the biggest data breaches to hacks resulting in weeks of disruption \u2014 to see what we can learn. This year, the data breaches were like nothing we\u2019ve seen before.\u00a0<\/p>\n
Here\u2019s our look back at some of the biggest security incidents of 2025, starting with:<\/p>\n
The U.S. government remained one of the biggest targets in cyberspace. The year started with a brazen cyberattack by Chinese hackers on the U.S. Treasury, followed by the breaching of several federal agencies, including the agency tasked with safeguarding U.S. nuclear weapons<\/a>, thanks to a SharePoint security flaw. <\/p>\n All the while, the Russian hackers were stealing sealed records from the U.S. Courts\u2019 filing system<\/a>, sending alarm bells ringing across the federal judiciary.<\/p>\n But nothing quite came as close as DOGE ripping through federal government departments and databases in what became the biggest raid of U.S. government data in its history<\/a>.<\/p>\n The Trump administration\u2019s Department of Government Efficiency, or DOGE as it was widely known, led by Elon Musk and his band of private sector lackeys, violated federal protocols<\/a> and defied common security practices<\/a>. They ransacked federal databases of citizens\u2019 data<\/a>, despite warnings of the national security risks<\/a> and conflicts of interests over Musk\u2019s overseas business dealings. Legal experts say that DOGE staffers are \u201cpersonally liable\u201d under U.S. hacking laws, though a court would also have to agree.<\/p>\n Musk\u2019s subsequent, very public falling out with President Trump saw the billionaire leave DOGE, and left staffers fearing that they could face federal charges<\/a> without his protection.<\/p>\n In late September, senior executives at American corporate giants began receiving threatening emails<\/a> from a prolific ransomware and extortion group called Clop. The emails included an attached copy of their personal information \u2014 and a ransom demand for several million dollars not to publish it.<\/p>\n Months earlier, the Clop gang had quietly exploited a never-before-seen vulnerability in Oracle\u2019s E-Business software, a suite of applications used for hosting a company\u2019s core business information, such as financial and human resources records, supply chain data, and customer databases. The vulnerability allowed Clop to steal reams of sensitive employee data, including data belonging to executives, from dozens of organizations<\/a> that rely on Oracle\u2019s software.<\/p>\n Oracle had no idea until it was caught out in October as it was scrambling to patch the vulnerability<\/a>. It was too late, though: the hackers had already stolen gobs of data from universities<\/a>, hospitals and health systems<\/a>, media organizations<\/a>, and more.<\/p>\n This was Clop\u2019s most recent mass-hacking campaign. The group had previously exploited flaws in enterprise file-transfer services, such as GoAnywhere<\/a>, MOVEit<\/a>, and Cleo Software<\/a>, which tech giants use to share large amounts of information over the internet.<\/p>\n Salesforce customers had a rough year after two separate data breaches at downstream tech companies allowed hackers to steal a billion records of customer data stored in Salesforce\u2019s cloud.\u00a0<\/p>\n Hackers targeted at least two companies, Salesloft<\/a> and Gainsight<\/a>, both of which allow their customers to handle and analyze the data that they store in Salesforce.\u00a0<\/p>\n By breaching these companies directly, the hackers gained access to all of the data through their customer connections to Salesforce. Some of the largest tech giants had data stolen in the breaches, including Bugcrowd, Cloudflare, Google, Proofpoint, Docusign, GitLab, Linkedin, SonicWall and Verizon.<\/p>\n A hacking collective known as Scattered Lapsus$ Hunters, made up of members from different hacking groups, including ShinyHunters, published a data leak site advertising the stolen records<\/a> in exchange for a ransom paid by the victims. New victims are still rolling in.<\/p>\n Hackers tore through the U.K. retail sector earlier this year, stealing data from Marks & Spencer<\/a> and at least 6.5 million customer records from the Co-op<\/a>. The back-to-back hacks sparked outages and disruption across the retailers\u2019 networks, and some grocery shelves went empty as the systems used to support the retailers were knocked out. Luxury store Harrods<\/a> was also later hacked.<\/p>\n But a major cyberattack targeting Jaguar Land Rover, one of the country\u2019s biggest employers, left a dent in the U.K. economy. A September hack and data breach<\/a> saw JLR\u2019s car plant stall production for months<\/a> as the company worked to get its systems back up and running.\u00a0<\/p>\n The fallout affected JLR\u2019s suppliers across the U.K., some of whom went out of business altogether. The U.K. government ended up guaranteeing a bailout to the tune of \u00a31.5 billion<\/a> to ensure Jaguar Land Rover employees and suppliers got paid during the shutdown. <\/p>\n U.K. security experts said the breach was the most economically damaging cyberattack<\/a> to hit the United Kingdom in history, showing that disruption may be more valuable for financially motivated hackers than stolen data.<\/p>\n South Korea experienced a major data breach every month this year, and the personal data of millions of its citizens was compromised thanks to security lapses and shoddy data practices at the country\u2019s biggest tech and phone providers.<\/p>\n The country\u2019s largest phone company, SK Telecom, was hacked and 23 million customer records<\/a> were exposed; several cyberattacks were attributed to its hostile North Korean neighbor; and a massive data center fire<\/a> wiped out years of Korean government data that wasn\u2019t backed up.<\/p>\n But the cherry on data breach cake was the months-long theft of some 33 million customers\u2019 personal information from Coupang, the country\u2019s retail giant that some call Asia\u2019s Amazon. The data theft began in June<\/a>, but wasn\u2019t detected until November, and ultimately led to the company\u2019s chief executive<\/a> resigning.<\/p>\n<\/div>\n![\"Tesla](\"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/12\/data-breaches-doge-2217856070.jpg?w=680\")
![\"BIRMINGHAM,](\"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/12\/jag-land-rover-2238334107.jpg?w=680\")