I had this idea for an adventure. I wanted to post it here so I don't forget it, and also to share it in case anyone else wants to use parts of this.
~
Players investigate a fatal industrial accident in a mining project by a fault line management agency. They discover that the deceased had uncovered a conspiracy: the agency has been slowly infiltrated at multiple levels by members of the suicide cult NostroCramo. This group believes that the world is a simulation, and seeks to crash the simulation to liberate themselves and anyone else who is trapped in it, and they've become convinced that triggering a massive earthquake will do it.
To do so, they've infiltrated the Seismic Management Division of the Pacifican Department of Geology, which is responsible for conducting deep subterranean operations to execute small controlled releases of energy along fault lines. Their plan has been to use the agency's resources to do the exact opposite purpose: instead of modeling out the safest way to release energy, they've been setting up an energy release meant to trigger the biggest possible release along the entire San Andreas fault line ever: the first magnitude 10+ quake.
The players have to investigate the death, discover that the accident was really a murder, uncover the conspiracy, then make their way through mine shafts to disable the charges. They must work their way all the way to the location of the largest charge in a bunker sitting 7 km down within the earth's crust. They can initially be trying to move undetected to avoid motivating the cultists to trigger the charges early, and then later be racing them down to the last and deepest one.
(I'm calling it "Rock-a-bye Baby" for now, although I'm pretty sure I can do better than that. Feel free to suggest cooler names.)
I would second this. I've definitely spent a lot of time with this question.
For my setting, I try to lean into realism. So the first thing we have to ask is what "hacking" means in these situations. Hacking shouldn't be magic.
First, hacking typically looks like using a system in the way it was intended by someone who wasn't intended to use it or in some other modified way. So to break into a CCTV system, ask how proper users would use it, and then how to bypass that.
Second, the more advanced technology gets, the more advanced security gets. Think about what it would take to hack into a CCTV system today. You'd likely need to steal a password to use the actual software or snoop the raw data signal of a camera and then decode it. In the future, this isn't going to be less secure.
So if you wanted to hack into CCTV camera, players should not be able to roll and then see anything anywhere. They should need to find some physical connection and/or find some way to obtain credentials to a remote access system. This could be by forging biometrics of someone with access, tricking someone with access to logging in for them, or finding leaked access credentials online. And all of these should have limitations: how long they can be logged in; what they can do without triggering detection; how long it takes to call files; etc.
These same principles apply to a social media search. It wouldn't really make sense for everyone's data to be readily available to anyone with basic hacking proficiency in some kind of easy database. Assume online privacy moves forward at the same pace or greater than privacy invasion. You can't just type "HACK!" and see someone's real-world location. You could probably find a publicly listed address or maybe find a license plate reading with a time and place. But you're going to have to still do a lot of the conventional investigation work to find someone: figure out where they work, hang out, shop, etc. and look for a point where they slipped up, either in biospace or online.