Consumer protection

UK MoD avoids further penalty after data breach

The UK’s data protection regulator has defended its decision not to pursue further action against the Ministry of Defence (MoD) over a serious data breach that exposed personal information of Afghans who assisted British forces.

The Information Commissioner’s Office (ICO) said the incident caused considerable harm but concluded additional investigation would not deliver greater benefit. The office stressed that organisations must handle data with greater care to avoid such damaging consequences.

The breach occurred when a hidden dataset in a spreadsheet was mistakenly shared under the pressures of a UK military operation. While the sender believed only limited data was being released, the spreadsheet contained much more information, some of which was later leaked online.

The ICO has already fined the MoD £350,000 in 2023 over a previous incident related to the Afghan relocation programme. The regulator confirmed that in both cases, the department had taken significant remedial action and committed extensive public resources to mitigate future risk.

Although the ICO acknowledged the incident’s severe impact, including threats to individual lives, it decided not to divert further resources given existing accountability, classified restrictions, and national security concerns.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK and OpenAI deepen AI collaboration on security and public services

OpenAI has signed a strategic partnership with the UK government aimed at strengthening AI security research and exploring national infrastructure investment.

The agreement was finalised on 21 July by OpenAI CEO Sam Altman and science secretary Peter Kyle. It includes a commitment to expand OpenAI’s London office. Research and engineering teams will grow to support AI development and provide assistance to UK businesses and start-ups.

Under the collaboration, OpenAI will share technical insights with the UK’s AI Security Institute to help government bodies better understand risks and capabilities. Planned deployments of AI will focus on public sectors such as justice, defence, education, and national security.

According to the UK government, all applications will follow national standards and guidelines to improve taxpayer-funded services. Peter Kyle described AI as a critical tool for national transformation. ‘AI will be fundamental in driving the change we need to see across the country,’ he said.

He emphasised its potential to support the NHS, reduce barriers to opportunity, and power economic growth. The deal signals a deeper integration of OpenAI’s operations in the UK, with promises of high-skilled jobs, investment in infrastructure, and stronger domestic oversight of AI development.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Replit revamps data architecture following live database deletion

Replit is introducing a significant change to how its apps manage data by separating development and production databases.

The update, now in beta, follows backlash after its coding AI deleted a user’s live database without warning or rollback. Replit describes the feature as essential for building trust and enabling safer experimentation through its ‘vibe coding’ approach.

Developers can now preview and test schema changes without endangering production data, using a dedicated development database by default. The incident that prompted the shift involved SaaStr.

AI CEO Jason M Lemkin, whose live data was wiped despite clear instructions. Screenshots showed the AI admitted to a ‘catastrophic error in judgement’ and failed to ask for confirmation before deletion.

Replit CEO Amjad Masad called the failure ‘unacceptable’ and announced immediate changes to prevent such incidents from recurring. Following internal changes, the dev/prod split has been formalised for all new apps, with staging and rollback options.

Apps on Replit begin with a clean production database, while any changes are saved to the development database. Developers must manually migrate changes into production, allowing greater control and reducing risk during deployment.

Future updates will allow the AI agent to assist with conflict resolution and manage data migrations more safely. Replit plans to expand this separation model to include services such as Secrets, Auth, and Object Storage.

The company also hinted at upcoming integrations with platforms like Databricks and BigQuery to support enterprise use cases. Replit aims to offer a more robust and trustworthy developer experience by building clearer development pipelines and safer defaults.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Teens struggle to spot misinformation despite daily social media use

Misinformation online now touches every part of life, from fake products and health advice to political propaganda. Its influence extends beyond beliefs, shaping actions like voting behaviour and vaccination decisions.

Unlike traditional media, online platforms rarely include formal checks or verification, allowing false content to spread freely.

It is especially worrying as teenagers increasingly use social media as a main source of news and search results. Despite their heavy usage, young people often lack the skills needed to spot false information.

In one 2022 Ofcom study, only 11% of 11 to 17-year-olds could consistently identify genuine posts online.

Research involving 11 to 14-year-olds revealed that many wrongly believed misinformation only related to scams or global news, so they didn’t see themselves as regular targets. Rather than fact-check, teens relied on gut feeling or social cues, such as comment sections or the appearance of a post.

These shortcuts make it easier for misinformation to appear trustworthy, especially when many adults also struggle to verify online content.

The study also found that young people thought older adults were more likely to fall for misinformation, while they believed their parents were better than them at spotting false content. Most teens felt it wasn’t their job to challenge false posts, instead placing the responsibility on governments and platforms.

In response, researchers have developed resources for young people, partnering with organisations like Police Scotland and Education Scotland to support digital literacy and online safety in practical ways.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New GLOBAL GROUP ransomware targets all major operating systems

A sophisticated new ransomware threat, dubbed GLOBAL GROUP, has emerged on cybercrime forums, meticulously designed to target systems across Windows, Linux, and macOS with cross-platform precision.

In June 2025, a threat actor operating under the alias ‘Dollar Dollar Dollar’ launched the GLOBAL GROUP Ransomware-as-a-Service (RaaS) platform on the Ramp4u forum. The campaign offers affiliates scalable tools, automated negotiations, and generous profit-sharing, creating an appealing setup for monetising cybercrime at scale.

GLOBAL GROUP leverages the Golang language to build monolithic binaries, enabling seamless execution across varied operating environments in a single campaign. The strategy expands attackers’ reach, allowing them to exploit hybrid infrastructures while improving operational efficiency and scalability.

Golang’s concurrency model and static linking make it an attractive option for rapid, large-scale encryption without relying on external dependencies. However, forensic analysis by Picus Security Labs suggests GLOBAL GROUP is not an entirely original threat but rather a rebrand of previous ransomware operations.

Researchers linked its code and infrastructure to the now-defunct Mamona RIP and Black Lock families, revealing continuity in tactics and tooling. Evidence includes a reused mutex string—’Global\Fxo16jmdgujs437’—which was also found in earlier Mamona RIP samples, confirming code inheritance.

The re-use of such technical markers highlights how threat actors often evolve existing malware rather than building from scratch, streamlining development and deployment.

Beyond its cross-platform flexibility, GLOBAL GROUP also integrates modern cryptographic features to boost effectiveness and resistance to detection. It employs the ChaCha20-Poly1305 encryption algorithm, offering both confidentiality and message integrity with high processing performance.

The malware leverages Golang’s goroutines to encrypt all system drives simultaneously, reducing execution time and limiting defenders’ reaction window. Encrypted files receive customised extensions like ‘.lockbitloch’, with filenames also obscured to hinder recovery efforts without the correct decryption key.

Ransom note logic is embedded directly within the binary, generating tailored communication instructions and linking to Tor-based leak sites. The approach simplifies extortion for affiliates while preserving operational security and ensuring anonymous negotiations with victims.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Louis Vuitton Australia confirms customer data breach after cyberattack

Louis Vuitton has admitted to a significant data breach in Australia, revealing that an unauthorised third party accessed its internal systems and stole sensitive client details.

The breach, first detected on 2 July, included names, contact information, birthdates, and shopping preferences — though no passwords or financial data were taken.

The luxury retailer emailed affected customers nearly three weeks later, urging them to stay alert for phishing, scam calls, or suspicious texts.

While Louis Vuitton claims it acted quickly to contain the breach and block further access, questions remain about the delay in informing customers and the number of individuals affected.

Authorities have been notified, and cybersecurity specialists are now investigating. The incident adds to a growing list of cyberattacks on major Australian companies, prompting experts to call for stronger data protection laws and the right to demand deletion of personal information from corporate databases.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S Sparks scheme returns after cyber attack

Marks & Spencer has fully reinstated its Sparks loyalty programme following a damaging cyberattack that disrupted operations earlier this year. The retailer confirmed that online services are back and customers can access offers, discounts, and rewards again.

In April, a cyber breach forced M&S to suspend parts of its IT system and halt Sparks communications. Customers had raised concerns about missing benefits, prompting the company to promise a full recovery of its loyalty platform.

M&S has introduced new Sparks perks to thank users for their patience, including enhanced birthday rewards and complimentary coffees. Staff will also receive a temporary discount boost to 30 percent on selected items this weekend.

Marketing director Sharry Cramond praised staff efforts and customer support during the disruption, calling the recovery a team effort. Meanwhile, according to the UK National Crime Agency, four individuals suspected of involvement in cyber attacks against M&S and other retailers have been released on bail.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Dutch publishers support ethical training of AI model

Dutch news publishers have partnered with research institute TNO to develop GPT-NL, a homegrown AI language model trained on legally obtained Dutch data.

The project marks the first time globally that private media outlets actively contribute content to shape a national AI system.

Over 30 national and regional publishers from NDP Nieuwsmedia and news agency ANP are sharing archived articles to double the volume of high-quality training material. The initiative aims to establish ethical standards in AI by ensuring copyright is respected and contributors are compensated.

GPT-NL is designed to support tasks such as summarisation and information extraction, and follows European legal frameworks like the AI Act. Strict safeguards will prevent content from being extracted or reused without authorisation when the model is released.

The model has access to over 20 billion Dutch-language tokens, offering a diverse and robust foundation for its training. It is a non-profit collaboration between TNO, NFI, and SURF, intended as a responsible alternative to large international AI systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Co-op confirms massive data breach as retail cyberattacks surge

All 6.5 million members of the Co-op had their personal data compromised in a cyberattack carried out on 30 April, the company’s chief executive has confirmed.

Shirine Khoury-Haq said the breach felt ‘personal’ after seeing the toll it took on IT teams fighting off the intrusion. She spoke in her first interview since the breach, broadcast on BBC Breakfast.

Initial statements from the Co-op described the incident as having only a ‘small impact’ on internal systems, including call centres and back-office operations.

Alleged hackers soon contacted media outlets and claimed to have accessed both employee and customer data, prompting the company to update its assessment.

The Co-op later admitted that data belonging to a ‘significant number’ of current and former members had been stolen. Exposed information included names, addresses, and contact details, though no payment data was compromised.

Restoration efforts are still ongoing as the company works to rebuild affected back-end systems. In some locations, operational disruption led to empty shelves and prolonged outages.

Khoury-Haq recalled meeting employees during the remediation phase and said she was ‘incredibly sorry’ for the incident. ‘I will never forget the looks on their faces,’ she said.

The attackers’ movements were closely tracked. ‘We were able to monitor every mouse click,’ Khoury-Haq added, noting that this helped authorities in their investigation.

The company reportedly disconnected parts of its network in time to prevent ransomware deployment, though not in time to avoid significant damage. Police said four individuals were arrested earlier this month in connection with the Co-op breach and related retail incidents. All have been released on bail.

Marks & Spencer and Harrods were also hit by cyberattacks in early 2025, with M&S still restoring affected systems. Researchers believe the same threat actor is responsible for all three attacks.

The group, identified as Scattered Spider, has previously disrupted other high-profile targets, including major US casinos in 2023.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fashion sector targeted again as Louis Vuitton confirms data breach

Louis Vuitton Hong Kong is under investigation after a data breach potentially exposed the personal information of around 419,000 customers, according to the South China Morning Post.

The company informed Hong Kong’s privacy watchdog on 17 July, more than a month after its French office first detected suspicious activity on 13 June. The Office of the Privacy Commissioner has now launched a formal inquiry.

Early findings suggest that compromised data includes names, passport numbers, birth dates, phone numbers, email addresses, physical addresses, purchase histories, and product preferences.

Although no complaints have been filed so far, the regulator is examining whether the reporting delay breached data protection rules and how the unauthorised access occurred. Louis Vuitton stated that it responded quickly with the assistance of external cybersecurity experts and confirmed that no payment details were involved.

The incident adds to a growing list of cyberattacks targeting fashion and retail brands in 2025. In May, fast fashion giant Shein confirmed a breach that affected customer support systems.

[Correction] Contrary to some reports, Puma was not affected by a ransomware attack in 2025. This claim appears to be inaccurate and is not corroborated by any verified public disclosures or statements by the company. Please disregard any previous mentions suggesting otherwise.

Security experts have warned that the sector remains a growing target due to high-value customer data and limited cyber defences. Louis Vuitton said it continues to upgrade its security systems and will notify affected individuals and regulators as the investigation continues.

‘We sincerely regret any concern or inconvenience this situation may cause,’ the company said in a statement.

[Dear readers, a previous version of this article highlighted incorrect information about a cyberattack on Puma. The information has been removed from our website, and we hereby apologise to Puma and our readers.]