A Data Breach

It begins with a leaked email address.

Then a password.

Then a social security number. 

In June 2025, medical facility Central Kentucky Radiology reported a data breach that had taken place months prior, in October of 2024. The breach is compromising confidential patient information, including credit and debit card numbers. In the past month alone, the Anne Arundel Dermatology Data Breach put 1.9 million people at risk, leaking patient health records. And even more recently, personal data from 64 million job application files at McDonald’s was exposed from the company’s end of the hiring interface. 

These recent breaches — only a few of many — aren’t isolated instances, but rather symptoms of an expanding vulnerability in our digital infrastructure. And while many data leaks have proven to be harmless thanks to encrypted files or limited access, our data isn’t safe forever. Increasingly, hackers, instead of using private data right away, are storing it in mass repositories and waiting for the right time to attack. 

The field of quantum computing is rapidly advancing, slowly giving hackers the tools they need to decrypt stored data. In fact, experts estimate that within a few decades, quantum computers will be powerful enough to break the processes we rely on to keep our data protected. Already, theoretical algorithms are capable of performing computational tasks at unprecedented speeds. With the right computing power, they threaten to take apart the entire foundation of modern security algorithms. 

So the question is no longer if we’re vulnerable. 

It’s a matter of when. 

Encryption at the Epicenter of Security

Behind every text message sent to a friend, email sent to a colleague, or financial transaction made on a website lies encryption, the heart of our digital trust system. Encryption works by using various math-based algorithms to convert readable plaintext into ciphertext that can’t be understood by just anyone. The encrypted message can only be decrypted and read by the person the data was meant for. 

Our online security relies on widely adopted encryption standards that can’t be cracked by the average computer. Some commonly used standards include RSA (Rivest-Shamir-Adleman  and ECC (Elliptic Curve Cryptography). They depend on mathematical intricacy, such as the difficulty in factoring large numbers or the time complexity in solving an elliptic curve discrete logarithm problem, respectively. 

Until recently, the complexity of these standards hadn’t been challenged. The weakest of the three, RSA, was considered unbreakable, because a classical supercomputer would take trillions of years to prime factorize enormous numbers. With this in mind, our privacy standards were always good enough. 

Enter quantum computing.

Unlike classical bits — the building blocks of digital communication,  which take on values of either 0 or 1, quantum bits, or qubits, can exist in multiple states at once as a result of the property of superposition, and can influence one another instantaneously regardless of position based on the quantum property of entanglement. These properties allow computers using qubits instead of bits to perform calculations in parallel, which exponentially increases their power and speeds up their processing time. 

Quantum algorithms have already been outlined for theoretical use. With a powerful quantum computer, algorithms such as the one outlined by Peter Shor in 1994 could successfully break RSA and other typical encryption standards, rendering mass amounts of once secure data completely transparent. 

While it may take years for actual quantum breakthroughs, this advanced technology threatens to unravel everything we know about digital security. Thus, the quantum countdown begins.

Harvested Today, Hacked Tomorrow 

It’s true that cryptographically relevant quantum computers (CRQCs) won’t be plausible and fully capable for at least a few decades. But postponing preventative measures would be a critical mistake. The threat posed by quantum computing on encryption standards might be tomorrow, but it starts today. 

The value of our data has no expiration date. Years into the future, information we put online today will still be dangerous in the wrong hands. So, groups ranging from espionage associations to cybercrime syndicates practice the Harvest Now, Decrypt Later (HNDL) strategy. Encrypted bank records, healthcare databases, and day-to-day communications are stored once collected, ready to be broken down in seconds by quantum technology once possible. Our data is harvested today, ready for the hackers of tomorrow.

When CRQCs eventually do come online with full capabilities, the damage to our sensitive information (social security numbers, biometric data, defense communications, etc.) will be drastic. Data harvesting is a high-stakes issue, and there’s no way to get back information that’s already been stolen, or to stop it from being taken in the first place. While the development timeline of CRQCs is uncertain, preparation must start now. The consequences of exposed data will be not only personal and widespread, but nearly impossible to recover from. 

Preparing for the Post-Quantum 

In 2016, the National Institute of Standards and Technology (NIST) launched a global effort that recognized quantum computing’s inevitable threat to cryptography. The effort focused on collecting quantum-safe encryption processes to implement globally, and by 2022, they announced a shortlist of candidates ranging from lattice-based algorithms to multivariate ones, all complex enough to withstand even the acuity of quantum attackers. 

From then on, NIST has made strides toward a safer technological future by implementing post-quantum cryptography (PQC). They’ve selected a module-lattice-based key encapsulation mechanism (ML-KEM) as the primary standardized algorithm for quantum-safe encrypting. Back-up algorithms have also been recommended, such as the https://www.nist.gov/news-events/news/2025/03/nist-selects-hqc-fifth-algorithm-post-quantum-encryptionalgorithm in case ML-KEM fails to withstand attacks. 

Another solution being considered by experts is the Quantum Key Distribution (QKD) method. The process entails fighting quantum-level decryption by using quantum mechanics to distribute cryptographic keys, as hinted by the algorithm’s name. Rather than increasing mathematical complexity, which is the case in PQCs, QKD is virtually unbreakable because of the low chance that quantum computers could ever evolve enough to crack it. Despite its brilliance, QKD is also not as practical to standardize due to multiple factors, including slower speeds, higher costs, and the requirement of direct fiber optic cable connections between the parties distributing and receiving encryption keys. Still, it remains on the radar for post-quantum protection.

Defining standardization for encryption at the federal level is critical, but other sensitive data needs to be protected, too. Data regarding our financial transactions, health records, and personal identities live in education databases, small businesses, hospitals, smartphones, and the cloud. Every online system, government or otherwise, should be brought up to post-quantum standards, even if it means undertaking a digital shift that could require years to coordinate.

As we prepare for the post-quantum, we face the uncomfortable reality of the unknown. How much data can we protect in time? And most importantly, when the quantum countdown ends, who gets left behind?

Bigger than Tech

Quantum computing is primarily relevant in the tech industry. It revolves around complex mathematical problems, computational inefficiencies, and an arms race to the perfect solution. But at its core, quantum computing is an ethics issue. It has the potential to magnify divides that already exist, such as between economic and geographic strata. 

Upgrading all global systems to post-quantum encryption has heavy costs. Paying for their protection will become a resource investment some third-world regions can’t afford. Even in the United States, the shift to entirely PCQs might only be feasible for large corporations. So while the wealthy stay ahead of the quantum curve, millions are left behind — those with data floating in underfunded schools, local governments, and public health systems. 

If upgrading encryption standards becomes a luxury good, we risk altering the digital infrastructure entirely. Creating a two-tier system where most of the world’s data is completely exposed widens the digital divide in an unprecedented manner. Those with money and power will gain a surveillance edge against the masses: the public’s private communications and ideas could be untraceably monitored, violating privacy under the pretense of technological advancement. 

Quantum computing is no longer just a tech issue, but a concern regarding who gets the power and who is put at risk in the digital world. 

Conclusion

First, an email address is leaked.

Then a password.

Then a social security number. 

We’ve seen this story before: big data sets are breached, the news breaks in the following months, and the public escapes, for the most part, unscathed. Identities aren’t stolen and bank accounts aren’t drained, and on the surface, everything seems to be fine.

This illusion of safety is the problem. Leaked data is out there — encrypted, but vulnerable. And with each data breach, we risk today’s privacy and surrender tomorrow’s. When the moment comes for quantum computers to uproot today’s encryption standards, in five years or fifty, the fallout will affect every sector of human life, and directly fail the citizens who trusted in the system to protect them. 

So, how do we claim the right to our privacy? 

We start by refusing to wait. By educating internet users on cybersecurity and privacy protocols, pushing companies to upgrade their protection standards, and demanding long-term, resilient and preventative policy shifts on the federal and local level, we prioritize standardizing global encryption ready for the quantum future. 

The data breach ends when we’re no longer vulnerable.