Six months into 2026, the numbers already read like a bad year’s totals. A single vendor breach reached 62.2 million Americans. One credential-harvesting campaign touched 430,000 firewalls. A compilation of 24 billion stolen records surfaced online. And in late June, a ransomware attack was executed — reconnaissance to encryption — by an AI agent that adapted to failures in 31 seconds.
This is our mid-year accounting of the stories that mattered, drawn from six months of daily coverage, alongside TechCrunch’s own July 7 roundup of the year’s worst breaches.
The half by the numbers:
- 62.2 million — victims in the Conduent breach, now the third-largest healthcare data breach in U.S. history
- 430,000 — Fortinet firewalls targeted by FortiBleed, yielding 110 million credentials
- 646 — ransomware victims posted in May alone, the worst month on record
- 24 billion — stolen records in June’s mega-compilation of credentials and infostealer logs
- 6.99 million — Americans whose driver’s license numbers leaked from a single insurer
- 31 seconds — how fast an AI attack agent went from failed login to working exploit
Seven throughlines define the half.
1. The Breach That Wouldn’t Stop Growing: Conduent Hits 62.2 Million
No story better captures how breach math works than Conduent. When the SafePay ransomware attack on the government services contractor was first disclosed, the count was 10.5 million. By February, we tracked it quietly climbing past 25 million. In June, Conduent’s filing with HHS settled the question: 62,224,658 people — roughly one in five Americans, and the third-largest healthcare data breach in U.S. history, behind only Change Healthcare and Anthem.
The lesson generalizes. Conduent processed claims, printing, and mailing for healthcare and government agencies; most victims never knew the company touched their data. 2026’s biggest breaches keep happening at companies whose names the victims have never heard.
2. FortiBleed: The Edge-Device Siege Becomes a Ransomware Pipeline
The defining technical campaign of the half started with 73,000 compromised Fortinet firewalls in June and kept getting worse. Access to 74,000 FortiGate devices went up for sale. By month’s end, the confirmed scope was 430,000 targeted firewalls and 110 million harvested credentials, intercepted with a custom sniffer abusing FortiOS’s native packet capture and cracked on a 45-GPU cluster.
Then came attribution. In July, an exposed staging server tied the whole operation to INC Ransom and Lynx: a roughly 20-person, Russian-speaking initial access broker whose member was caught logged into both gangs’ affiliate panels simultaneously, with at least 12 ransomware deployments traced to FortiBleed-derived access.
The wider pattern held all half: Citrix Bleed 2 fed Anubis ransomware its 91 victims, CISA flagged actively exploited Lantronix edge devices, a Check Point VPN zero-day triggered an emergency directive after Qilin exploitation, and Ubiquiti closed the half by patching seven critical UniFi flaws, including a CVSS 10.0 with 100,000 instances exposed online. The network edge is now the primary battleground, full stop.
3. AI Enters the Attack Chain for Real
For two years, “AI-powered attacks” mostly meant better phishing emails. The first half of 2026 ended that era. Sysdig’s late-June discovery of JADEPUFFER — the first documented ransomware attack run by an AI agent — showed an LLM exploiting a Langflow server, harvesting credentials, pivoting to a production database, and encrypting 1,342 configuration items while narrating its own reasoning. A human still picked the victim and stood up the infrastructure. The economics changed anyway: the marginal cost of a competent intrusion operator just collapsed.
AI systems also became targets and accomplices. Meta’s AI support bot was manipulated into Instagram account takeovers. And governments moved: the EU published its Action Plan on Cybersecurity and AI in July, ENISA is building a testing platform for AI in critical sectors, and frontier model releases went through government-gated rollouts on both sides of the Atlantic — a regulatory posture that would have been unthinkable eighteen months ago.
4. ShinyHunters’ Year (So Far)
If the half belongs to any single threat actor, it’s ShinyHunters. The group’s vishing-and-Salesforce playbook, refined through 2025, ran at industrial scale: Telus Digital lost a claimed petabyte, Instructure’s Canvas platform was breached twice — with login screens defaced during finals — Medtronic saw 9 million medical device records taken (notifications finally landed this month), and Charter Communications joined Carnival, DentaQuest, Cisco, and even the Council of Europe on the victim list. The group’s Oracle PeopleSoft zero-day showed genuine capability growth beyond social engineering.
TechCrunch’s mid-year list independently ranks Instructure, Charter, and Carnival among the year’s worst — one crew accounts for a measurable share of 2026’s total breach tonnage.
5. Identity Documents Everywhere
A quieter theme with long consequences: 2026 is the year of the leaked identity document. AssuranceAmerica closed the half by confirming 6.99 million driver’s license numbers stolen — the largest American license spill of the year. Texas Parks and Wildlife exposed data on more than 3 million Texans. TechCrunch’s roundup adds a hotel check-in system leaking over a million passport and license scans, a prison payphone provider exposing 300,000 callers’ licenses, and a U.K. visa service leaving passport scans and selfies publicly accessible.
Unlike passwords, these credentials don’t rotate. Every one of these records feeds synthetic identity fraud pipelines that will run for a decade.
6. Destructive Attacks Go Mainstream
The half’s geopolitical throughline was destruction, not theft. Russia-attributed operators deployed wiper malware against Poland’s energy grid, hijacked a Norwegian dam, and probed water treatment systems. Iranian actors went kinetic-adjacent too: Handala’s destructive wipe of tens of thousands of Stryker medical devices through Microsoft Intune, and attacks on California water utilities in retaliation cycles we’ve tracked since the 245% Iranian attack spike.
Meanwhile ransomware’s economics kept mutating: a U.S. government entity paid a $1 million extortion demand to Kairos, May set a record with 646 posted victims, and the supply chain campaign that backdoored Trivy cascaded into Bitwarden, Checkmarx, OpenAI, and Vercel — the Klue breach proving a four-year-old credential can still detonate.
7. The Patch Treadmill Sped Up
CISA’s KEV catalog had a relentless half. SharePoint’s CVE-2026-45659 got a three-day emergency deadline after Warlock ransomware exploitation — six weeks after Microsoft rated it “less likely to be exploited.” A Linux kernel root bug, a cPanel authentication bypass, a Chrome V8 zero-day, and back-to-back CVSS 10.0s in ColdFusion and Joomla page builders all went from disclosure to active exploitation in days. The gap between “patch available” and “patch applied” remains the most reliably monetized vulnerability in security.
The Counterpunch: Law Enforcement’s Half
The defenders scored real points too, and the pattern of the wins matters: takedowns increasingly target infrastructure and money flows rather than individual operators. Operation Endgame’s continued sweeps dismantled SocGholish infrastructure tied to Evil Corp and then the Stealc and Amadey malware operations — hitting the infostealer supply chain that feeds nearly every credential-based intrusion above. Europol’s AUDIA6 operation seized a €336 million crypto laundering network, Germany’s BKA dismantled the Aisuru and Kimwolf botnets, Interpol and Group-IB took down the SniperDz phishing-as-a-service platform, and the DOJ ran a full disruption week against Southeast Asian scam centers.
Individual accountability arrived too — a Yanluowang initial access broker was sentenced, Scattered Spider’s Jubair and Flowers pleaded guilty over the TfL attack — and Canada’s CSIS obtained its first-ever warrant to clean botnet-infected devices, a precedent worth watching. The honest scorecard: takedowns are faster and more coordinated than ever, and total victim counts rose anyway. Disruption is buying time, not victory.
What to Watch in H2 2026
- Agentic attacks multiply. JADEPUFFER was a proof of concept that worked. Expect copycats, and expect the human-in-the-loop share of each intrusion to shrink. Defenders’ detection windows — JADEPUFFER went from failed login to working fix in 31 seconds — must compress to match.
- The Conduent long tail. Class actions, state AG investigations, and the question of whether 62.2 million becomes the new normal for vendor breach scale.
- FortiBleed’s harvest gets spent. 110 million credentials don’t get used all at once. The INC Ransom and Lynx deployments traced so far are the leading edge, not the total.
- ShinyHunters vs. law enforcement. The group’s pace invites the kind of coordinated takedown that hit Scattered Spider’s members. Whether arrests actually slow the vishing playbook is another question.
- Identity document regulation. Seven-figure license spills every month make a federal response — or at least state DMV reissuance reform — increasingly likely.
- AI governance meets reality. The EU’s testing platform and gated frontier rollouts get their first real stress test the moment an agentic attack hits European critical infrastructure.
The first half of 2026 didn’t produce one defining breach. It produced a defining pattern: scale compounding at every layer — victims per breach, credentials per campaign, attacks per operator. The second half starts with all of those curves still pointing up.
Sources
- TechCrunch — Hacked, leaked, and held for ransom: The worst breaches of 2026 so far
- HIPAA Journal — Conduent Business Services Data Breach Affected More Than 62.2 Million Individuals
- Sysdig — JADEPUFFER: Agentic ransomware for automated database extortion
- SOCRadar — FortiBleed Campaign Linked to INC and Lynx Ransomware Operations



