Korean Air employee data breach exposes 30,000 records after cyberattack

Investigators are examining a major data breach involving Korean Air after personal records for around 30,000 employees were exposed in a cyberattack on a former subsidiary.

The incident affected KC&D Service, which previously handled in-flight catering before being sold to private equity firm Hahn and Company in 2020.

The leaked information is understood to include employee names and bank account numbers. Korean Air said customer records were not impacted, and that emergency security checks were completed without waiting for confirmation of the intrusion.

Korean Air also reported the breach to the relevant authorities.

Executives said the company is focusing on identifying the full scope of the breach and who has been affected, while urging KC&D to strengthen controls and prevent any recurrence. Korean Air also plans to upgrade internal data protection measures.

The attack follows a similar case at Asiana Airlines last week, where details of about 10,000 employees were compromised, raising wider concerns over cybersecurity resilience across South Korea's aviation sector.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New York orders warning labels on social media features

Authorities in New York State have approved a new law requiring social media platforms to display warning labels when users engage with features that encourage prolonged use.

Labels will appear when people interact with elements such as infinite scrolling, auto-play, like counters or algorithm-driven feeds. The rule applies whenever these services are accessed from within New York.

Governor Kathy Hochul said the move is intended to safeguard young people against potential mental health harms linked to excessive social media use. Warnings will show the first time a user activates one of the targeted features and will then reappear at intervals.

Concerns about the impact on children and teenagers have prompted wider government action. California is considering similar steps, while Australia has already banned social media for under-16s and Denmark plans to follow. The US surgeon general has also called for clearer health warnings.

Researchers continue to examine how social media use relates to anxiety and depression among young users. Platforms now face growing pressure to balance engagement features with stronger protections instead of relying purely on self-regulation.


Trust Wallet urges update after $7 million hack

Trust Wallet has urged users to update its Google Chrome extension after a security breach affecting version 2.68 resulted in the theft of roughly $7 million. The company confirmed it will refund all impacted users and advised downloading version 2.69 immediately.

Mobile users and other browser extension versions were unaffected.

Blockchain security firms revealed that malicious code in version 2.68 harvested wallet mnemonic phrases, sending decrypted credentials to an attacker‑controlled server.

Around $3 million in Bitcoin, $431 in Solana, and more than $3 million in Ethereum were stolen and moved through centralised exchanges and cross‑chain bridges for laundering. Hundreds of users were affected.

Analysts suggest the incident may involve an insider or a nation-state actor, exploiting leaked Chrome Web Store API keys.

Trust Wallet has launched a support process for victims and warned against impersonation scams. CEO Eowyn Chen said the malicious extension bypassed the standard release checks and that investigation and remediation are ongoing.

The incident highlights ongoing security risks for browser-based cryptocurrency wallets and the importance of user vigilance, including avoiding unofficial links and never sharing recovery phrases.


Phishing scam targets India’s drivers in large-scale e-Challan cyberattack

Cybercriminals are exploiting trust in India’s traffic enforcement systems by using fake e-Challan portals to steal financial data from vehicle owners. The campaign relies on phishing websites that closely mimic official government platforms.

Researchers at Cyble Research and Intelligence Labs say the operation marks a shift away from malware towards phishing-based deception delivered through web browsers. More than 36 fraudulent websites have been linked to the campaign, which targets users across India through SMS messages.

Victims receive alerts claiming unpaid traffic fines, often accompanied by warnings of licence suspension or legal action. The messages include links directing users to fake portals displaying fabricated violations and small penalty amounts, with no connection to government databases.

The sites restrict payments to credit and debit cards, prompting users to enter full card details. Investigators found that repeated payment attempts allow attackers to collect multiple sets of sensitive information from a single victim.

Researchers say the infrastructure is shared with broader phishing schemes that impersonate courier services, banks, and transportation platforms. Security experts advise users to verify fines only through official websites and to avoid clicking on links in unsolicited messages.


La Poste suffers DDoS attack as Noname057 claims responsibility

Authorities in France are responding to a significant cyber incident after a pro-Russian hacker group, Noname057, claimed responsibility for a distributed denial-of-service attack on the national postal service, La Poste.

The attack began on 22 December and forced core computer systems offline, delaying parcel deliveries during the busy Christmas period.

According to reports, standard letter delivery was not affected. However, postal staff lost the ability to track parcels, and customers experienced disruptions when using online payment services connected to La Banque Postale.

Recovery work was still underway several days later, underscoring the increasing reliance of critical services on uninterrupted digital infrastructure.

Noname057 has previously been linked to cyberattacks across Europe, mainly targeting Ukraine and countries seen as supportive of Kyiv rather than neutral states.

Europol led a significant operation against the group earlier in the year, with the US Department of Justice also involved, highlighting growing international coordination against cross-border cybercrime.

The incident has renewed concerns about the vulnerability of essential logistics networks and public-facing services to coordinated cyber disruption. European authorities continue to assess long-term resilience measures to protect citizens and core services from future attacks.


EU targets addictive gaming features

Video gaming has grown from a niche hobby into one of Europe’s most prominent entertainment industries, with over half the population regularly engaging in it.

As the sector grows, EU lawmakers are increasingly worried about addictive game design and manipulative features that push players to spend more time and money online.

Much of the concern focuses on loot boxes, where players pay for random digital rewards that resemble gambling mechanics. Studies and parliamentary reports warn that children may be particularly vulnerable, with some lawmakers calling for outright bans on paid loot boxes and premium in-game currencies.

The European Commission is examining how far design choices contribute to digital addiction and whether games are exploiting behavioural weaknesses rather than offering fair entertainment.

Officials say the risk is higher for minors, who may not fully understand how engagement-driven systems are engineered.

The upcoming Digital Fairness Act aims to strengthen consumer protection across online services, rather than leaving families to navigate the risks alone. However, as negotiations continue, the debate over how tightly gaming should be regulated is only just beginning.


Court blocks Texas app store law as Apple halts rollout

Apple has paused previously announced plans for Texas after a federal judge blocked a new age-verification law for app stores. The company said it will continue to monitor the legal process while keeping certain developer tools available for testing.

The law, known as the App Store Accountability Act, would have required app stores to verify user ages and obtain parental consent for minors. It also mandated that age data be shared with app developers, a provision criticised by technology companies on privacy grounds.

A US judge halted enforcement of the law, citing First Amendment concerns, ahead of its planned January rollout. Texas officials said they intend to appeal the decision, signalling that the legal dispute is likely to continue.

Apple had announced new requirements to comply with the law, including mandatory Family Sharing for users under 18 and renewed parental consent following significant app updates. Those plans are now on hold following the ruling.

Apple said its age-assurance tools remain available globally, while reiterating concerns that broad data collection could undermine user privacy. Similar laws are expected to take effect in other US states next year.


Digital rules dispute deepens as US administration avoids trade retaliation

The US administration is criticising foreign digital regulations affecting major online platforms while avoiding trade measures that could disrupt the US economy. Officials say the rules disproportionately impact American technology companies.

US officials have paused or cancelled trade discussions with the UK, the EU, and South Korea. Current negotiations are focused on rolling back digital taxes, privacy rules, and platform regulations that Washington views as unfair barriers to US firms.

US administration officials describe the moves as a negotiating tactic rather than an escalation toward tariffs. While trade investigations into digital practices have been raised as a possibility, officials have stressed that the goal remains a negotiated outcome rather than a renewed trade conflict.

Technology companies have pressed for firmer action, though some industry figures warn that aggressive retaliation could trigger a wider digital trade war. Officials acknowledge that prolonged disputes with major partners could ultimately harm both US firms and global markets.

Despite rhetorical escalation and targeted threats against European companies, the US administration has so far avoided dismantling existing trade agreements. Analysts say mounting pressure may soon force Washington to choose between compromise and more concrete enforcement measures.


EU crypto tax reporting rules take effect in January

The European Union’s new tax-reporting directive for crypto assets, known as DAC8, takes effect on 1 January. The rules require crypto-asset service providers, including exchanges and brokers, to report detailed user and transaction data to national tax authorities.

DAC8 aims to close gaps in crypto tax reporting, giving authorities visibility over holdings and transfers similar to that of bank accounts and securities. Data collected under the directive will be shared across EU member states, enabling a more coordinated approach to enforcement.

Crypto firms have until 1 July to ensure full compliance, including implementing reporting systems, customer due diligence procedures, and internal controls. After that deadline, non-compliance may result in penalties under national law.

For users, DAC8 strengthens enforcement powers. Authorities can act on tax avoidance or evasion with support from counterparts in other EU countries, including seizing or embargoing crypto assets held abroad.

The directive operates alongside the EU’s Markets in Crypto-Assets (MiCA) regulation, which focuses on licensing, customer protection, and market conduct, while DAC8 ensures the tax trail is monitored.


EU credits DMA as Apple opens iOS 26.3 to third-party accessories

The European Commission has welcomed Apple’s latest interoperability updates in iOS 26.3, crediting the Digital Markets Act for compelling the company to open its ecosystem.

The new features are currently in beta and allow third-party accessories to integrate more smoothly with iPhones and iPads, instead of favouring Apple’s own devices.

Proximity pairing will let headphones and other accessories connect through a simplified one-tap process, similar to AirPods. Notification forwarding to non-Apple wearables will also become available, although alerts can only be routed to one device at a time.

Apple is providing developers with the tools needed to support the features, which apply only within the EU.

The DMA classifies Apple as a gatekeeper and requires fairer access for rivals, with heavy financial penalties for non-compliance.

Apple has repeatedly warned that the rules risk undermining security and privacy, yet the company has already introduced DMA-driven changes such as allowing alternative app stores and opening NFC access.

Analysts expect the moves to reduce ecosystem lock-in and increase competition across the EU market. iOS 26.3 is expected to roll out fully across Europe from 2026 following the beta cycle, while further regulatory scrutiny may push Apple to extend interoperability even further.
