
Every single year I tell myself the same thing. Surely this is the year things get better. Surely companies have learned by now. Surely 2026 is going to be different.
And then I open the news and see that Qantas got hit, Under Armour got hit, a French government ID agency got hit twice in the same year, and a company that literally sells online safety products also got hacked. At some point you stop calling it bad luck and start asking much harder questions.
So let us talk about what is actually going on. Not the technical jargon version. Not the scary vendor marketing version. Just the real story of what happened, what investigators found when they dug into these messes, and what it all actually means for normal people.
The Numbers First, Because They Are Wild
Before we get into the individual stories, you need to understand the scale of the problem right now.
The average data breach in the United States now costs companies over 10 million dollars. And on average it takes 241 days from the moment an attacker gets in to the moment a company even realizes something is wrong (Concentric AI).
241 days. That is eight months. An attacker could get into your systems in January and you would not find out until September. They would have been sitting inside your network, reading your files, watching your emails, mapping everything out, and you would have had zero idea.
That is not a technology failure. That is a visibility failure. And it happens everywhere, all the time.
What Actually Happened This Year
Let us look at some real cases because the details tell you a lot more than statistics ever can.

Qantas, the big Australian airline, got hit by a group called Scattered Lapsus$ Hunters. The company refused to pay the ransom, so the attackers put more than 11 million customer records on the dark web. Names, email addresses, and frequent flyer numbers were all exposed (Proton). No payment data, thankfully, but here is the thing that people miss: that kind of data does not expire. Someone with your name, email, and frequent flyer number can run very convincing scam emails against you for years. The breach does not end when the news story ends.

Then there is Under Armour. The company is currently looking into claims that data connected to 72 million customer accounts was posted to a hacker forum, apparently coming from an attack that happened back in November 2025 (Bright Defense). 72 million people. That is more than the entire population of the United Kingdom. All from one attack that happened months ago and only became widely known recently.

And then there is France. The country's National Agency for Secure Titles, which handles official government ID documents, appears to have been breached. A hacker going by the name breach3d posted that they had obtained around 18 to 19 million records and were putting them up for sale, with the data including full names, email addresses, dates of birth, and in some cases home addresses and phone numbers (Cybernews).
The painful part? Security researchers who looked at the data said the format suggested this might be a completely separate incident from a previous breach of the same agency that surfaced in September 2025 (Cybernews).
Same agency. Hacked. Then hacked again. In less than a year.
At that point it is not a hack. It is a pattern. And the pattern means someone did not actually fix what broke the first time.
So What Does a Forensics Investigation Actually Look Like
When a company gets breached, the first thing that happens is usually panic. Phones start ringing, executives start asking questions nobody can answer yet, and someone says the words "we need to get forensics in here."
What forensics investigators actually do is not glamorous. There is no dramatic moment where someone points at a screen and says "there, that is the packet." It is mostly reading logs, building timelines, and slowly piecing together a story from thousands of tiny digital footprints.
Investigators are trying to figure out who was behind the attack if possible, how they got in, what they did while they were inside, and how much damage was caused. All of that gets written up into a report that both the technical team and lawyers can understand (Proaxis Solutions).

The Navia breach is a good example of what this looks like in practice. When investigators went through the logs, they found that the attacker had access to the systems from December 22, 2025 all the way through January 15, 2026 (PKWARE). Over three weeks of access before anyone noticed. During that time the attacker walked out with Social Security numbers, birth dates, account details, and health plan information for millions of people.
Three weeks. In your house. Going through your filing cabinet. And the alarm never went off.
When investigators dig into these cases, they look at where the compromised data came from, who touched it, and every single system it moved through before, during, and after the attack. That trail is what turns a confusing mess of events into something you can actually understand and explain (Concentric AI).
The Part Nobody Wants to Admit
Here is where I need to be real with you for a second.
The most common ways attackers get in are stolen credentials, phishing emails, and cloud setups that were not configured correctly (Concentric AI).
Not zero-day exploits. Not sophisticated nation-state tools. Stolen passwords, convincing emails, and servers set up the wrong way.

Google tracked 90 vulnerabilities that were actively being attacked in 2025 (Digital Forensics Magazine). Ninety known, documented holes that attackers were using in the real world. And companies still were not patching fast enough.
The gap between "vulnerability found" and "company has actually patched it" is where almost every forensics investigation ends up pointing. That gap is the whole story. That gap is the caseload.
And now things are getting faster. A botnet called RondoDox was found targeting 174 different vulnerabilities and hitting systems with around 15,000 exploitation attempts every single day (Digital Forensics Magazine). Automated tools scanning the entire internet, trying thousands of known weaknesses, waiting for one to work. No human fatigue. No coffee break. Just constant pressure until something gives.
The FBI Director Got Hacked Too, By the Way

Just so you know this is not just a corporate problem: the FBI confirmed that Iranian-linked actors broke into FBI Director Kash Patel's personal email account (Digital Forensics Magazine).
The head of the FBI. Personal email. Compromised.
If that does not tell you that absolutely anyone can be a target, I do not know what will. Personal accounts, old accounts, accounts you forgot you had, accounts connected to services you signed up for once in 2019 and never thought about again. All of it is a potential door in.
What Actually Helps
I am not going to end this with the same tired advice about patching your software and turning on two-factor authentication. You have heard that a thousand times and the breaches are still happening, so clearly that framing is not working.
What actually makes a difference, based on what forensics investigators keep finding, is whether a company has practiced their response before the attack happened. The organizations that recover quickly are the ones who already knew who to call, what to preserve, how to shut things down, and how to talk to customers and regulators. The ones that fall apart are the ones opening their response plan for the first time on the worst day of their year.
Identifying and containing a breach now takes an average of 241 days, which is the fastest response time in nine years, but still more than long enough for serious damage to happen (Concentric AI). Getting that number down is not about better tools. It is about faster recognition, practiced responses, and people who know exactly what to do when things go wrong.
The attackers are faster than ever. They are automated, relentless, and increasingly AI-powered. The only answer to that is organizations that are better prepared, not just better defended.
Because being defended is not enough if nobody notices the door was open for eight months.

Thank you.