Hacks, thefts and disruption: The worst data breaches of 2025

Dec 19, 2025 | Technology

Every year, TechCrunch looks back at the cybersecurity horrorshows of the past 12 months — from the biggest data breaches to hacks resulting in weeks of disruption — to see what we can learn. This year, the data breaches were like nothing we’ve seen before. 

Here’s our look back at some of the biggest security incidents of 2025, starting with:

The U.S. government remained one of the biggest targets in cyberspace. The year started with a brazen cyberattack by Chinese hackers on the U.S. Treasury, followed by the breaching of several federal agencies, including the agency tasked with safeguarding U.S. nuclear weapons, thanks to a SharePoint security flaw.

All the while, Russian hackers were stealing sealed records from the U.S. Courts’ filing system, sending alarm bells ringing across the federal judiciary.

But nothing quite came as close as DOGE ripping through federal government departments and databases in what became the biggest raid of U.S. government data in its history.

WASHINGTON, DC – MAY 30: Tesla CEO Elon Musk, with a visible black eye, listens as U.S. President Donald Trump speaks to reporters in the Oval Office of the White House on May 30, 2025 in Washington, DC. Image Credits: Kevin Dietsch / Getty Images

The Trump administration’s Department of Government Efficiency, or DOGE as it was widely known, led by Elon Musk and his band of private sector lackeys, violated federal protocols and defied common security practices. They ransacked federal databases of citizens’ data, despite warnings of the national security risks and conflicts of interest over Musk’s overseas business dealings. Legal experts say that DOGE staffers are “personally liable” under U.S. hacking laws, though a court would also have to agree.

Musk’s subsequent, very public falling out with President Trump saw the billionaire leave DOGE, and left staffers fearing that they could face federal charges without his protection.

In late September, senior executives at American corporate giants began receiving threatening emails from a prolific ransomware and extortion group called Clop. The emails included an attached copy of their personal information — and a ransom demand for several million dollars not to publish it.

Months earlier, the Clop gang had quietly exploited a never-before-seen vulnerability in Oracle’s E-Business software, a suite of applications used for hosting a company’s core business information, such as financial and human resources records, supply chain data, and customer databases. The vulnerability allowed Clop to steal reams of sensitive employee data, including data belonging to executives, from dozens of organizations that rely on Oracle’s software.

Oracle had no idea until it was caught out in October as it was scrambling to patch the vulnerability. It was too late, though: the hackers had already stolen gobs of data from universities, hospitals and health systems, media organizations, and more.

This was Clop’s most recent mass-hacking campaign. The group had previously exploited flaws in enterprise file-transfer services, such as GoAnywhere, MOVEit, and Cleo Software, which tech giants use to share large amounts of information over the internet.

Salesforce customers had a rough year after two separate data breaches at downstream tech companies allowed hackers to steal a billion records of customer data stored in Salesforce’s cloud. 

Hackers targeted at least two companies, Salesloft and Gainsight, both of which allow their customers to handle and analyze the data that they store in Salesforce. 

By breaching these companies directly, the hackers gained access to all of the data through their customer connections to Salesforce. Some of the largest tech giants had data stolen in the breaches, including Bugcrowd, Cloudflare, Google, Proofpoint, Docusign, GitLab, LinkedIn, SonicWall and Verizon.

A hacking collective known as Scattered Lapsus$ Hunters, made up of members from different hacking groups, including ShinyHunters, published a data leak site advertising the stolen records in exchange for a ransom paid by the victims. New victims are still rolling in.

Hackers tore through the U.K. retail sector earlier this year, stealing data from Marks & Spencer and at least 6.5 million customer records from the Co-op. The back-to-back hacks sparked outages and disruption across the retailers’ networks, and some grocery shelves went empty as the systems used to support the retailers were knocked out. Luxury store Harrods was also later hacked.

An aerial view of JLR signage at the Jaguar Land Rover vehicle manufacturing plant in Castle Bromwich on September 30, 2025 in Birmingham, United Kingdom, following its hack and data breach. Image Credits: Christopher Furlong / Getty Images

But a major cyberattack targeting Jaguar Land Rover, one of the country’s biggest employers, left a dent in the U.K. e …
