FIPS 140-2 is no longer the current standard. Governments systems are now using FIPS 140-3. There are some important differences, but it's over my head. I don't think FIPS 140-3 has been hacked. Much of the private sector uses AES-256, which I believe is stronger than FIPS-140. But at least in theory, any of these types of encryption can be cracked with a brute force attack, i.e., if you just try enough different passwords. Yes, this works only if you have certain parameters to work with, i.e., you know the length of the password, and then you have to have the time and computing resources. Experts have previously claimed that certain types of encryption would take decades or even centuries to crack because there are so many possible combinations of passwords. But modern supercomputers have enough capacity that the length of time has been reduced to something that may be manageable. The real weakness that they exploited in this particular hack was finding a way to circumvent that self-destruction after 10 failed attempts.
Hackers Finally Break IronKey S200 USB Drive and Could Soon Unlock $238 Million in Bitcoin (bitdefender.com)