The most obvious one is SIGINT agencies breaking RSA, DSA, ECDSA, ECDH, etc.
Of course, the plan is by the time quantum computers become capable of breaking those algorithms in practice, the industry will have moved to post-quantum cryptography algorithms.
But there will still be legacy systems which haven't, and also encrypted data recorded in the past in the expectation they'd be able to decrypt it in the future.
There seem to be fixes available for crypto. The issue is getting people to implement those fixes. Which, of course, is the issue with getting people to implement a lot of security fixes more broadly.
Is that actually true in the real world? Or is that some comp sci algorithm dream? I suspect it might be an engineers fallacy where the romantic desire to reduce everything to an algorithm or scalar value that can then be maximized or minimized blinds the engineer to the reality of the situation - the businesses doing route planning already have something thats close enough to optimal so that if the travelling salesman problem was solved, it wouldn't make a material difference to the business.
The algorithm engineer is so in love with the idea that an algorithm is the solution to everyone's problem (its a natural human bias to think the world desires what we have) that they way overweigh the importance of route planning improvements which are incremental or worse - would be thrown away because the practicalities of implementation doesn't warrant the marginal improvements.
Absolutely true in the real world; I was part of a real team that explored quantum optimization algorithms as part of a strategic initiative (my day job is algorithmic optimization on classical computers).
Our problem is similar (but not identical) to the traveling salesman problem. We run on a tight time constraint (measured in days for the complex type and measured in minutes for the simple type).
We're running approximations on classic computers but estimate that we'd save billions if we could reach optimum.
Of course, the plan is by the time quantum computers become capable of breaking those algorithms in practice, the industry will have moved to post-quantum cryptography algorithms.
But there will still be legacy systems which haven't, and also encrypted data recorded in the past in the expectation they'd be able to decrypt it in the future.