I apologize that this post is not light reading. It’s critically important to know what the threats are so you can avoid becoming a victim.

Although disconcerting, it is crucial to know what has happened in the first half of this year. TechCrunch recently issued a report outlining the worst breaches of 2026—so far:

  • DOGE’s massive swipe of Social Security data (I’ve discussed this  in numerous posts)
  • Hackers increased targeting of water systems and energy grids (discussed here)
  • Iranian government hackers attacking Stryker with a destructive device hack (ditto)
  • ShinyHunters’ disruptive hacking campaign against Instructure, among other targets (ShinyHunters has been a frequent subject of our posts)
  • The supply chain under attack, targeting open-source projects and big tech companies
  • FBI’s surveillance system breach, sparking a “major cyber incident“
  • Hasbro’s hack leading to weeks of downtime
  • Exposure of millions of passports and driver licenses

What can we learn from these trends?

According to TechCrunch, “the attacks are getting bolder, more destructive, and harder to contain.” The trends confirm that as technology advances, so must defenses equally. Cybersecurity measures must be sophisticated enough to block attackers so they will move on to the next victim. A mature cybersecurity posture, both personally and professionally, must be a priority to prevent becoming victimized. In a world of geopolitical discontent, cyber attackers serve as warriors for nation states, and at the same time, our own government is failing to protect our data and our warriors’ data. Unfortunately, the Cybersecurity and Infrastructure Security Agency’s funding has been decimated, so we are left to our own devices (pardon the pun).

We need to take greater responsibility for protecting our own information while demanding stronger safeguards from our government, especially for the sensitive data of current and veteran military personnel. Additionally, private companies must also do more to prevent exposure. Robust cybersecurity programs across individuals, government, and the private sector are essential. This is no longer a future concern; it is reality. Without collective action, the second half of 2026 will bring more of the same.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Read more about Linn Foster Freedman
Show more Show less