alt Hacker NewsThe most obvious one is SIGINT agencies breaking RSA, DSA, ECDSA, ECDH, etc.
Of course, the plan is by the time quantum computers become capable of breaking those algorithms in practice, the industry will have moved to post-quantum cryptography algorithms.
But there will still be legacy systems which haven't, and also encrypted data recorded in the past in the expectation they'd be able to decrypt it in the future.
There seem to be fixes available for crypto. The issue is getting people to implement those fixes. Which, of course, is the issue with getting people to implement a lot of security fixes more broadly.