Retailers face escalating cyber threats as hackers increasingly target customer data, eroding trust and damaging long-term brand value.
Deloitte warns that data breaches and ransomware attacks are becoming more frequent and costly, with some retailers facing losses reaching hundreds of millions, alongside declining consumer confidence.
The expansion of AI-driven personalisation has intensified privacy concerns, as customers weigh convenience against data protection.
While many shoppers accept sharing personal information in exchange for value, confidence depends on clear safeguards, transparent data use and credible security practices across digital channels.
Deloitte argues that leading retailers integrate cybersecurity into their core business strategy, rather than treating it as a compliance obligation.
Priorities include protecting critical digital assets, modernising security operations and building cyber-aware cultures capable of responding to AI-enabled fraud, preserving customer trust and sustaining revenue growth.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Cybersecurity researchers are urging greater caution as Christmas approaches, warning that seasonal scams are multiplying rapidly. Check Point has recorded over 33,500 festive phishing emails and more than 10,000 deceptive social ads within two weeks.
AI tools are helping criminals craft convincing messages that mirror trusted brands and local languages. Attackers are also deploying fake e-commerce sites with AI chatbots, as well as deepfake audio and scripted calls to strengthen vishing attempts.
Smishing alerts imitating delivery firms are becoming more widespread, with recent months showing a marked rise in fraudulent parcel scams. Victims are often tricked into sharing payment details through links that imitate genuine logistics updates.
Experts say fake shops and giveaway scams remain persistent risks, frequently launched from accounts created within the past three months. Users are being advised to ignore unsolicited links, verify retailers and treat unexpected offers with scepticism.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Amazon has published the most frequently asked questions to its Alexa virtual assistant during 2025, providing insight into how people interact with voice-activated AI throughout the year.
Practical questions, such as cooking tips like ‘How long do I poach an egg for?’ and basic science queries like the diameter of Earth, topped the list, showing that many users rely on Alexa for everyday information.
The report also revealed regional and topical variety: in Australia, users asked about sleep help and food classification (e.g. whether a tomato is a fruit), while global queries included questions about celebrities’ heights, weights and net worth.
One of the year’s most frequently asked questions was ‘What does AI stand for?’, indicating ongoing curiosity about the technology that powers the assistant itself. Music and entertainment featured prominently, with Taylor Swift identified as the most played artist of the year and the song ‘APT’ cited as the most played track in multiple regions.
These usage patterns reflect how voice assistants have become integrated into daily routines, from practical tasks to leisure and curiosity-driven searches.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The third UK-EU Cyber Dialogue was held in Brussels on 9 and 10 December 2025, bringing together senior officials under the UK-EU Trade and Cooperation Agreement to strengthen cooperation on cybersecurity and digital resilience.
The meeting was co-chaired by Andrew Whittaker from the UK Foreign, Commonwealth and Development Office and Irfan Hemani from the Department for Science, Innovation and Technology, alongside EU representatives from the European External Action Service and the European Commission.
Officials from Europol and ENISA also participated, reinforcing operational and regulatory coordination rather than fragmented policy approaches.
Discussions covered cyber legislation, deterrence strategies, countering cybercrime, incident response and cyber capacity development, with an emphasis on maintaining strong security standards while reducing unnecessary compliance burdens on industry.
Both sides confirmed that the next UK-EU Cyber Dialogue will take place in London in 2026.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
US credit reporting company 700Credit has confirmed a data breach affecting more than 5.6 million individuals after attackers exploited a compromised third-party API used to exchange consumer data with external integration partners.
An incident that originated from a supply chain failure after one partner was breached earlier in 2025 and failed to notify 700Credit.
The attackers launched a sustained, high-volume data extraction campaign starting on October 25, 2025, which operated for more than two weeks before access was shut down.
Around 20 percent of consumer records were accessed, exposing names, home addresses, dates of birth and Social Security numbers, while internal systems, payment platforms and login credentials were not compromised.
Despite the absence of financial system access, the exposed personal data significantly increases the risk of identity theft and sophisticated phishing attacks impersonating credit reporting services.
The breach has been reported to the Federal Trade Commission and the FBI, with regulators coordinating responses through industry bodies representing affected dealerships.
Individuals impacted by the incident are currently being notified and offered two years of free credit monitoring, complimentary credit reports and access to a dedicated support line.
Authorities have urged recipients to act promptly by monitoring their credit activity and taking protective measures to minimise the risk of fraud.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
SoundCloud has confirmed a recent security incident that temporarily affected platform availability and involved the limited exposure of user data. The company detected unauthorised activity on an ancillary service dashboard and acted immediately to contain the situation.
Third-party cybersecurity experts were engaged to investigate and support the response. The incident resulted in two brief denial-of-service attacks, temporarily disrupting web access.
Approximately 20% of users were affected; however, no sensitive data, such as passwords or financial details, were compromised. Only email addresses and publicly visible profile information were involved.
In response, SoundCloud has strengthened its systems, enhancing monitoring, reviewing identity and access controls, and auditing related systems. Some configuration updates have led to temporary VPN connectivity issues, which the company is working to resolve.
SoundCloud emphasises that user privacy remains a top priority and encourages vigilance against phishing. The platform will continue to provide updates and take steps to minimise the risk of future incidents.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UK government has announced plans to bring cryptoassets firmly within the regulatory perimeter, aiming to support innovation while strengthening consumer protection and attracting long-term investment into the sector.
From 2027, cryptoasset firms will be regulated by the Financial Conduct Authority under rules similar to those governing traditional financial products, such as stocks and shares. The move is intended to provide legal clarity and increase confidence among consumers and businesses.
The initiative forms part of a broader strategy to shape global crypto standards, including ongoing cooperation with the United States through the Transatlantic Taskforce, as the UK seeks to secure its role in the future of digital finance.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Musicians are raising the alarm over AI-generated tracks appearing on their profiles without consent, presenting fraudulent work as their own. British folk artist Emily Portman discovered an AI-generated album, Orca, on Spotify and Apple Music, which copied her folk style and lyrics.
Fans initially congratulated her on a release she had not made since 2022.
Australian musician Paul Bender reported a similar experience, with four ‘bizarrely bad’ AI tracks appearing under his band, The Sweet Enoughs. Both artists said that weak distributor security allows scammers to easily upload content, calling it ‘the easiest scam in the world.’
A petition launched by Bender garnered tens of thousands of signatures, urging platforms to strengthen their protections.
AI-generated music has become increasingly sophisticated, making it nearly impossible for listeners to distinguish from genuine tracks. While revenues from such fraudulent streams are low individually, bots and repeated listening can significantly increase payouts.
Industry representatives note that the primary motive is to collect royalties from unsuspecting users.
Despite the threat of impersonation, Portman is continuing her creative work, emphasising human collaboration and authentic artistry. Spotify and Apple Music have pledged to collaborate with distributors to enhance the detection and prevention of AI-generated fraud.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Russian lawmakers have reiterated that cryptocurrencies will not be recognised as money, maintaining a strict ban on their use for domestic payments while allowing limited application as investment assets.
Anatoly Aksakov, head of the State Duma Committee on the Financial Market, emphasised that all payments within Russia must be conducted in rubles, echoing the central bank’s long-standing stance against the use of cryptocurrencies in internal settlements.
At the same time, legislative proposals point to a more nuanced legal approach. A bill submitted by United Russia lawmaker Igor Antropenko seeks to recognise cryptocurrencies as marital property, classifying digital assets acquired during marriage as jointly owned in divorce proceedings.
The proposal reflects the growing adoption of cryptocurrency in Russia, where digital assets are increasingly used for investment and savings. It also aligns family law with broader regulatory shifts that permit the use of crypto in foreign trade under an experimental framework.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Researchers from Anthropic, the UK AI Security Institute and the Alan Turing Institute have shown that only a few hundred crafted samples can poison LLM models. The tests revealed that around 250 malicious entries could embed a backdoor that triggers gibberish responses when a specific phrase appears.
Models ranging from 600 million to 13 billion parameters (such as Pythia) were affected, highlighting the scale-independent nature of the weakness. A planted phrase such as ‘sudo’ caused output collapse, raising concerns about targeted disruption and the ease of manipulating widely trained systems.
Security specialists note that denial-of-service effects are worrying, yet deceptive outputs pose far greater risk. Prior studies already demonstrated that medical and safety-critical models can be destabilised by tiny quantities of misleading data, heightening the urgency for robust dataset controls.
Researchers warn that open ecosystems and scraped corpora make silent data poisoning increasingly feasible. Developers are urged to adopt stronger provenance checks and continuous auditing, as reliance on LLMs continues to expand for AI purposes across technical and everyday applications.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
