Cybercrime

FIFA World Cup 2026 faces growing AI and cybersecurity threats

The FIFA World Cup 2026 is not only a football tournament. It is one of the largest digital security tests ever associated with a global public event.

With 48 teams, 104 matches and 16 host cities spread across the USA, Canada and Mexico, the ongoing tournament creates a vast network of stadium systems, ticketing platforms, broadcasters, hotels, transport providers, mobile applications, public Wi-Fi networks, payment systems, and connected devices.

The scale of digital interconnection is unprecedented in the history of international sport.

The Canadian Centre for Cyber Security has warned that the event will almost certainly attract cybercriminals, state-sponsored actors and other threat groups because of its visibility, infrastructure complexity, and broad supplier ecosystem.

Similar concerns have been raised by cybersecurity researchers, government agencies and intelligence analysts, all of whom view the tournament as a high-value target.

Canada warns FIFA World Cup 2026 could face cyberattacks, scams and AI-driven disinformation.

What makes the World Cup 2026 particularly significant is the growing role of AI.

AI will support crowd management, threat detection, cybersecurity operations, content moderation, logistics planning, and fan engagement. Ironically, the same technologies will provide attackers with powerful new tools to automate phishing campaigns, generate convincing deepfakes, conduct fraud operations and spread disinformation at an unprecedented scale.

Perhaps paradoxically, the result is a tournament where AI functions simultaneously as a defensive capability and an offensive weapon.

The largest entertainment attack surface in history

Cybersecurity experts have described the FIFA World Cup 2026 as the ‘largest global entertainment attack surface in history’. The description reflects not only the size of the tournament but also the complexity of its digital ecosystem.

Every match involves interactions between permanent stadium infrastructure, temporary commercial suppliers, cloud service providers, telecommunications operators, transportation networks, emergency services, broadcasters, and millions of fans. Unlike previous tournaments, many of these systems are deeply integrated through digital platforms and real-time data exchanges.

Researchers have noted that the attack surface extends far beyond FIFA’s own networks. Airlines, hotels, payment processors, media organisations, local authorities, ride-sharing platforms and tourism providers all become part of the broader security environment. A successful attack on any of these entities could create disruption that affects the tournament itself.

The Center for Strategic and International Studies (CSIS) has divided the World Cup attack surface into three layers. The first includes direct tournament infrastructure such as stadiums, ticketing systems, and broadcasting operations.

The second includes supporting infrastructure such as telecommunications networks, transportation systems and cloud providers. The third consists of millions of individual devices belonging to players, officials, journalists, sponsors and supporters.

Consequently, a cyber incident does not need to compromise FIFA directly to have significant consequences. A ransomware attack affecting a hotel chain, a denial-of-service attack against a transportation provider, or a breach of a ticketing partner could undermine public confidence and create operational disruption in multiple host cities.

AI-driven cybercrime and financial fraud

The most immediate threat facing supporters is financially motivated cybercrime. Major sporting events have historically attracted fraud schemes, but AI significantly increases their sophistication and reach.

Criminal groups are expected to exploit public interest through phishing campaigns, social engineering operations, fake ticket sales, fraudulent travel packages, malicious mobile applications and counterfeit livestreaming services.

The Canadian Centre for Cyber Security highlighted research indicating that more than 4,300 suspicious World Cup-related domains had already been identified by August 2025.

Generative AI allows attackers to produce convincing communications in multiple languages within seconds. Emails can imitate official FIFA announcements, airline notifications, hotel confirmations or ticketing updates with remarkable accuracy. AI-generated text can eliminate many of the grammatical errors that have traditionally exposed phishing attempts.

The personalisation capabilities of AI further increase effectiveness. Information gathered from social media profiles can be used to create tailored messages targeting specific individuals.

A supporter who has publicly discussed attending a World Cup match may receive a realistic-looking email containing details of a stadium, flight, or accommodation booking.

Cybersecurity researchers also warn about AI-powered chatbots designed to engage victims in extended conversations, gradually building trust before directing them towards malicious websites or fraudulent payment portals.

Such attacks represent an evolution beyond traditional phishing because they can adapt dynamically to the victim’s responses.

Deepfakes, disinformation and information warfare

One of the most significant AI-related concerns surrounding the World Cup is the potential use of deepfake technology and synthetic media.

Deepfakes can generate highly realistic audio, video, and images depicting events that never occurred. During a tournament watched by billions of people, such content could spread rapidly before verification mechanisms have time to respond.

Ball, Football, Soccer, Soccer Ball, Sport, Adult, Male, Man, Person, Computer, Electronics, Laptop, Pc, Cup, Screen, Computer Hardware, Hardware, Accessories, Formal Wear, Tie, Monitor, Phone, Electrical Device, Microphone, Mobile Phone, Book, Publication, Blackboard, People, Face, Head, Gianni Infantino, Lionel Messi

A fabricated video appearing to show a national team manager criticising players, a fake government announcement warning of security threats, or an AI-generated recording supposedly involving FIFA officials could create confusion and damage reputations.

Even brief circulation of false information may influence public perception, financial markets, or security decisions.

Threat actors are very likely to employ AI-generated articles, images and videos during the World Cup tournament. Furthermore, state-sponsored influence operations remain possible, particularly if geopolitical tensions involving participating nations intensify.

The risk is not limited to political manipulation. Criminal groups may use deepfakes to support fraud operations, impersonate public figures or create fake emergency announcements designed to generate panic.

The speed of modern social media platforms means that misleading content can reach millions of users before fact-checking efforts can become effective.

The World Cup, therefore, represents a major test for digital information resilience. Governments, media organisations and technology platforms will need rapid verification capabilities to distinguish authentic content from increasingly sophisticated synthetic media.

Critical infrastructure and operational technology risks

The World Cup’s dependence on critical infrastructure creates another layer of cybersecurity concern.

Electricity grids, water systems, telecommunications networks, transportation infrastructure and emergency communications all support tournament operations. Any disruption affecting these systems could have consequences extending far beyond football matches.

Security researchers have warned that operational technology environments often remain less protected than traditional information technology networks. Many infrastructure systems were designed decades ago, long before cybersecurity became a primary concern.

As digital connectivity expands, vulnerabilities within such systems become increasingly attractive targets.

A cyber-attack on public transportation networks could delay tens of thousands of supporters travelling to World Cup matches. Disruptions affecting telecommunications systems could interfere with emergency coordination, media coverage and public communications.

Attacks targeting stadium access systems could create safety concerns if spectators are unable to enter or exit venues efficiently.

The multinational structure of the tournament further increases its complexity. The US, Canada and Mexico operate under different legal frameworks, cybersecurity standards and regulatory environments.

Effective protection, therefore, requires unprecedented levels of coordination between public authorities and private sector partners in the three countries.

Protecting fan data and digital identities

The FIFA World Cup generates enormous volumes of personal data. Ticket purchases, accommodation bookings, transportation arrangements, mobile applications, loyalty programmes and payment systems all collect information about supporters.

Such datasets are highly attractive to cybercriminals. Personal information can be used for identity theft, financial fraud, account takeovers or targeted phishing campaigns. The concentration of large numbers of international visitors further increases the value of collected data.

Digital ticketing systems present both opportunities and risks. While electronic tickets reduce certain forms of fraud and improve operational efficiency, they also create new attack vectors. Compromised accounts, stolen credentials and fake ticket marketplaces can all exploit digital ticketing ecosystems.

The use of biometric technologies introduces additional challenges. Facial recognition systems may be employed for security screening, venue access or identity verification. Although such technologies can improve efficiency and security, they also raise questions about privacy, consent, data retention, and oversight.

Person, Electronics, Mobile Phone, Phone, Adult, Male, Man, Computer Hardware, Hardware, Monitor, Screen, Guard, Face, Head, Mattia De Sciglio

Maintaining public trust requires transparency regarding how personal information is collected, stored, and protected. Strong cybersecurity measures must be accompanied by clear governance frameworks and accountability mechanisms.

Online abuse and AI moderation

Cybersecurity during the World Cup extends beyond technical attacks. Online abuse, harassment and hate speech represent significant digital risks affecting players, officials and supporters.

Experience from previous tournaments illustrates the scale of the problem. FIFA reported that one in five players participating in the 2023 Women’s World Cup experienced online abuse. Through the Social Media Protection Service, nearly 117,000 comments were hidden or blocked during the competition. Almost half of the abusive messages were classified as sexist, sexual, or homophobic.

The scale of online interaction surrounding the men’s World Cup is expected to be substantially larger. Social media platforms, therefore, face significant pressure to prevent abuse while preserving legitimate expression.

Ofcom has already warned platforms about their responsibilities under the UK Online Safety Act. The regulator expects companies to maintain effective reporting systems, sufficient moderation resources and rapid responses to illegal content.

Tech companies face scrutiny during the FIFA World Cup as Ofcom monitors compliance.

AI will play a central role in content moderation efforts.

Machine learning systems can analyse vast quantities of user-generated content and identify harmful material much faster than human moderators alone. However, AI moderation remains imperfect. Algorithms may struggle with sarcasm, cultural context, local languages or rapidly evolving forms of abuse.

Balancing safety and freedom of expression will remain one of the most challenging governance issues during the World Cup.

AI as a cybersecurity enabler

Despite the risks, AI has become an essential component of modern cybersecurity strategies.

Security operations centres generate enormous volumes of alerts, logs and threat intelligence data. Human analysts alone cannot process this information effectively. AI enables organisations to identify patterns, prioritise risks, and respond more rapidly to emerging threats.

Machine learning systems can detect unusual network behaviour that may indicate malicious activity. AI tools can analyse phishing campaigns, identify fraudulent domains and uncover relationships between seemingly unrelated attacks.

cybersecyrity AI

Automated systems can isolate compromised devices and block suspicious traffic before significant damage occurs.

AI is also becoming increasingly important for threat intelligence. Security teams use machine learning models to analyse information from global threat feeds, identify emerging attack techniques and predict potential risks. During an event as large as the FIFA World Cup, such capabilities may provide critical advantages.

Beyond cybersecurity, AI supports broader security operations. Computer vision systems can monitor crowd movement, identify congestion points, and assist with emergency planning. Predictive analytics can help authorities allocate resources more effectively and improve incident response capabilities.

Nevertheless, AI should be viewed as a force multiplier rather than a replacement for human expertise. Automated systems can produce false positives, miss novel attack methods or be manipulated through adversarial techniques. Human oversight remains essential, particularly when decisions affect public safety and civil liberties.

International cooperation and long-term implications

The cybersecurity challenge facing the World Cup cannot be addressed by FIFA alone. Effective protection requires collaboration among governments, intelligence agencies, law enforcement organisations, cloud providers, telecommunications companies, stadium operators, and cybersecurity firms.

Information sharing will be particularly important. Threat intelligence must move rapidly across organisations and national borders. Attack indicators identified in one host city may become relevant to another within minutes.

Adult, Male, Man, Person, Astronomy, Outer Space, Body Part, Hand, Globe, Planet, Handcuffs

The World Cup also serves as a preview of the future challenges facing large-scale public events. As AI becomes increasingly integrated into infrastructure, transportation, communications and security operations, future tournaments will become even more dependent on digital technologies.

The lessons learned from 2026 are therefore likely to influence cybersecurity planning for future Olympic Games, continental championships, political summits and other international gatherings.

Conclusion

The FIFA World Cup 2026 demonstrates how deeply sport has become intertwined with the digital world. Football remains the centrepiece of the tournament, but its success depends equally on cybersecurity, AI governance and operational resilience.

AI will help protect infrastructure, support threat detection, improve crowd management, and strengthen cyber defence capabilities. At the same time, it will enable more sophisticated phishing campaigns, more convincing deepfakes, more effective disinformation operations and increasingly personalised fraud schemes.

The central challenge is not whether AI should be used. The challenge is how it can be deployed responsibly, securely and transparently within one of the most complex public events ever organised.

Success will depend on balancing innovation with security, automation with human oversight and efficiency with public trust.

The real test for FIFA, host governments and technology providers will be resilience. Cyber incidents are almost inevitable given the scale and visibility of the tournament. What will matter most is the ability to detect threats quickly, limit disruption, recover effectively and maintain public confidence.

Ultimately, the FIFA World Cup 2026 may be remembered as the first truly AI-era World Cup, where cybersecurity, misinformation and digital resilience have become as important as events on the pitch.

As citizens, supporters and digital users, we each have a role to play in protecting the integrity of the information and technologies that increasingly shape our lives.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Five Eyes agencies urge action on AI cyber risk

Five Eyes cybersecurity agencies have urged business and technology leaders to act quickly as AI transforms the cyber landscape.

In a joint statement issued on 22 June, the leaders of the Five Eyes cybersecurity agencies said AI is already changing both offensive and defensive cyber capabilities. They said AI can strengthen cyber defence capabilities, but it is also increasing the speed, scale and sophistication of cyber threats.

The agencies said frontier AI models could surpass current industry expectations and fundamentally reshape cyber capabilities within months rather than years. They warned that AI is lowering barriers for malicious actors and shrinking the time between vulnerability discovery and exploitation.

The statement was signed by cybersecurity leaders from Australia, Canada, New Zealand, the United Kingdom, and the United States. Signatories included the heads of the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, New Zealand’s National Cyber Security Centre, the UK’s National Cyber Security Centre, the US Cybersecurity and Infrastructure Security Agency, and the US National Security Agency’s Cyber Security Directorate.

The agencies said cyber resilience should be treated as a strategic business risk and leadership responsibility rather than solely a technical concern. Boards and executives should ensure that cyber controls are in place and can operate effectively under pressure during real incidents.

The statement urged leaders to assess organisational risk, preparedness and accountability while ensuring cybersecurity remains integrated into broader business decision-making. It also called on organisations to prioritise foundational cybersecurity practices, give cyber leaders sufficient authority and resources, and remain engaged as threats and guidance evolve.

The agencies said secure-by-design and secure-by-default must become standard practice rather than an aspiration. They also said resilience cannot depend on a single technology, making defence in depth essential as AI systems evolve.

The statement warned that new, previously unknown vulnerabilities, including zero-day exploits, will continue to emerge. It said breaches will occur, but preparedness can help organisations contain them quickly and prevent escalation into major operational and financial crises.

The Five Eyes agencies recommended five practical actions for leaders. Organisations should reduce their attack surface by limiting unnecessary access and external connectivity, and should question whether systems need to be exposed at all.

They should also accelerate patching processes because AI is shortening the time between vulnerability discovery and exploitation. Delays in patching can increase risk, especially for operational systems with long update cycles.

The statement also urged organisations to address legacy systems, describing unsupported systems as strategic liabilities rather than only technical debt. Leaders were also told to review and strengthen identity and access controls, enforce strong authentication, and regularly review permissions.

Incident preparation was another priority. The agencies said organisations should test response plans, train teams, and assume breaches will happen, with a focus on fast containment and recovery.

The agencies also encouraged organisations to deploy AI as a defensive tool, using it to identify vulnerabilities, strengthen monitoring and accelerate incident response. Organisations that integrate AI tools into security operations can detect vulnerabilities earlier, improve software quality, monitor unusual behaviour and respond faster to incidents.

The statement said success will not come from having the most tools. Instead, it said organisations should focus on getting the basics right, acting quickly and integrating cyber security into core business strategy.

The Five Eyes agencies said leaders who act now will reduce exposure, strengthen resilience, and build confidence with customers, partners, and investors. Those who delay, they said, will face growing, avoidable risks.

Why does it matter?

The statement reflects growing concern among major cybersecurity agencies that AI is changing the balance between attackers and defenders. By accelerating vulnerability discovery, automating reconnaissance and lowering technical barriers for malicious actors, AI could significantly reduce the time organisations have to identify, patch and mitigate emerging threats.

The warning also signals a broader shift in cybersecurity governance. Rather than treating cyber risk as a technical issue delegated to IT departments, governments increasingly expect boards and senior executives to view cyber resilience as a core organisational responsibility. As AI capabilities advance, secure-by-design systems, rapid patch management, strong identity controls and tested incident response plans are becoming central elements of national and corporate cyber resilience strategies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Digital harms and child protection drive major Criminal Code reforms in Canada

Canada has enacted new criminal justice legislation aimed at strengthening protections for children, restoring mandatory minimum sentences for serious sexual offences and expanding legal tools to combat online exploitation and digital abuse. The Protecting Victims Act has been presented as a major update to the Criminal Code.

The law increases penalties for offences including sexual abuse, voyeurism, sextortion and the non-consensual sharing of intimate images, including AI-generated or digitally manipulated sexual deepfakes. Authorities have also been given enhanced powers to pursue offenders operating across borders.

Additional provisions extend investigative timeframes and require internet service providers to retain certain data for longer periods, improving access to evidence in cases involving online exploitation and abuse. The legislation also introduces a new criminal offence targeting the recruitment of minors into criminal activity.

Officials said the reforms are intended to strengthen enforcement capabilities and promote greater consistency in sentencing for serious offences, while preserving limited judicial discretion where mandatory penalties would be clearly disproportionate.

Why does it matter?

The reforms reflect how child protection laws are evolving to address increasingly digital forms of exploitation. Offences such as sextortion, non-consensual image sharing and AI-generated sexual deepfakes have created new challenges for law enforcement and courts, requiring legal frameworks that can respond to technology-enabled harms as effectively as traditional offences.

The legislation also highlights a broader policy trend towards stronger investigative powers and cross-border enforcement cooperation in cases involving online abuse. As criminal activity increasingly relies on digital platforms and international networks, governments are seeking new tools to obtain evidence, identify offenders and protect victims while balancing privacy, due process and judicial oversight.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Cybercriminals exploit World Cup hype with phishing schemes

Cybercriminals are exploiting World Cup interest through fake streaming platforms, phishing campaigns, counterfeit online stores and betting-related scams, according to Kaspersky researchers.

The security company said it had identified more than 336 fake websites designed to imitate official World Cup pages. Many scams target fans looking for cheaper tickets, free match streams or tournament merchandise.

Some fake streaming sites ask users to register and pay for access to matches, sometimes using cryptocurrency. Others collect personal data that can later be used in further phishing attacks.

Kaspersky also identified counterfeit merchandise shops, fraudulent betting schemes and phishing emails promoting fake offers or paid predictions. Some scams rely on urgency, limited-time claims and professional-looking websites to pressure users into sharing payment or personal information.

The company warned that AI-generated websites and more polished scam designs are making fraudulent pages harder to distinguish from legitimate services during high-demand events.

Kaspersky advised fans to use official sources, check website addresses carefully and avoid offers that promise free access, unrealistic discounts or guaranteed betting results.

Why does it matter?

Major sporting events create ideal conditions for online fraud because demand, urgency and emotion are all high. World Cup scams show how criminals combine phishing, fake e-commerce, streaming fraud and social engineering to steal money and personal data. The use of polished or AI-generated websites also reflects a wider challenge for consumer protection: scams are becoming easier to create at scale and harder for users to recognise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Sweden warns of growing criminal exploitation of digital payment systems

Sweden’s financial regulator, Finansinspektionen, has warned that organised criminal networks are increasingly exploiting weaknesses in payment systems and digital banking infrastructure. The assessment points to a more challenging risk environment driven by faster transactions, cross-border financial flows and increasing technological complexity.

Financial institutions across the Nordic region are expected to adopt more proactive and intelligence-led compliance approaches.

Retail banks remain primary targets because of their high transaction volumes and role in the initial placement of illicit funds. Criminals rely on shell companies and layered ownership structures to conceal beneficial ownership and bypass standard due diligence.

Regulators now expect stronger analytical capabilities and more robust identity verification processes, particularly within automated onboarding systems that may be vulnerable to fraud and mule-account creation.

Payment service providers and crypto-asset platforms are facing increased scrutiny because they enable the rapid movement of funds across jurisdictions. Authorities stress that real-time screening is now essential, as post-transaction analysis is no longer sufficient.

Crypto-related risks are amplified by mixing tools and decentralised systems, requiring strict origin-of-wealth checks and full compliance with travel rule standards.

Supervisory findings also highlight risks from professional enablers and compromised SMEs used to bypass controls. Insider involvement and distressed businesses can mask illicit activity through seemingly legitimate operations.

Finansinspektionen said stronger sanctions screening, continuous monitoring, and executive-level compliance oversight are essential to address evolving money laundering and illicit financing risks.

Why does it matter? 

The warning reflects a broader shift in financial crime, where criminal organisations increasingly exploit the speed, scale and interconnected nature of modern financial systems. As digital payments, instant transfers and crypto-assets become more widely used, traditional compliance approaches based on retrospective reviews may struggle to keep pace with rapidly moving illicit funds.

The assessment also highlights the growing convergence of financial regulation, cybersecurity and digital governance. Financial institutions are increasingly expected to deploy advanced analytics, real-time monitoring and stronger identity verification controls to detect criminal activity before transactions are completed. Similar regulatory trends are emerging across Europe and other jurisdictions as authorities seek to strengthen resilience against money laundering, fraud and sanctions evasion.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

UK cyber agency warns of growing vulnerability risks from Frontier AI

The UK’s National Cyber Security Centre (NCSC) has issued guidance for network defenders on managing the growing risk associated with software vulnerabilities discovered using Frontier AI.

The guidance states that Frontier AI models represent the most advanced AI systems and have already demonstrated the ability to identify vulnerabilities in software products. According to the NCSC, this has significant implications for the threat landscape because Frontier AI can help both defenders and threat actors identify weaknesses at greater speed and scale. The UK’s National Cyber Security Centre has issued guidance for network defenders on managing the growing risk from software vulnerabilities discovered with Frontier AI.

The guidance states that Frontier AI models represent the most advanced AI systems and have demonstrated the ability to discover vulnerabilities in software products. The NCSC says this has implications for the threat landscape because Frontier AI can help both defenders and threat actors identify weaknesses more quickly.

The NCSC emphasises that organisations using AI for vulnerability discovery should do so within secure and controlled environments. It recommends limiting what the AI system can access, ideally using it only in testing or development environments, running it through a service account with only necessary permissions, and placing it in a sandboxed environment.

Organisations should also consider legal, contractual, and security obligations before using AI-as-a-service tools for vulnerability discovery. Sending source code, intellectual property or other sensitive information to external AI providers could introduce additional security, confidentiality and compliance risks.

The NCSC notes that AI-assisted vulnerability discovery is only effective if organisations have the processes and resources needed to manage the findings. That means having processes for patch management, vulnerability identification, prioritisation, validation, remediation, and reporting, as well as the ability to filter false positives and address root causes rather than only individual flaws.

The NCSC stresses that Frontier AI should complement, rather than replace, human cybersecurity expertise. Staff with experience in cybersecurity or the relevant IT systems should guide and validate AI-based vulnerability discovery to improve speed and accuracy.

The NCSC also warns that threat actors are increasingly using Frontier AI to identify and exploit vulnerabilities, potentially accelerating cyberattack timelines. Frontier AI may reduce the time between discovery and exploitation of newly published vulnerabilities, leaving organisations with less time to patch. The guidance says organisations should therefore adopt an assume-compromised mindset.

The NCSC recommends that organisations meet minimum cybersecurity standards, apply defence-in-depth principles, monitor networks and endpoints for suspicious behaviour and maintain a strong incident response plan.

The guidance also urges organisations to reduce the number of systems exposed to the internet, especially high-risk systems such as admin login panels, legacy systems, and operational technology. Organisations should identify internet-accessible systems and assess whether they need to remain exposed.

The guidance also highlights the growing importance of software supply chain security. Organisations should understand the commercial software, cloud services, open-source software, and dependencies they use, review supplier security and AI assurance policies, apply updates quickly, and use software bills of materials or similar tools to identify vulnerable dependencies.

The NCSC says Frontier AI is likely to be used extensively to discover vulnerabilities in open-source software because source code is accessible. It also notes that open-source supply chains have already been targeted through malware campaigns affecting major packages.

Why does it matter?

The guidance reflects a growing shift in cybersecurity as advanced AI systems become capable of identifying software vulnerabilities at unprecedented speed. While these capabilities can help defenders improve security testing and vulnerability management, they can also enable attackers to discover and exploit weaknesses more quickly, potentially reducing the time organisations have to respond.

The NCSC’s recommendations also point to a broader governance challenge surrounding AI adoption in cybersecurity. Organisations must not only defend against AI-enabled threats but also ensure that their own use of AI tools does not introduce new risks related to sensitive data, software supply chains or overreliance on automated systems. As Frontier AI capabilities continue to improve, cyber resilience will increasingly depend on combining AI-driven analysis with strong human oversight, secure development practices and effective incident response.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

University of Nottingham data breach exposes student and alumni records

The University of Nottingham has confirmed that an external third party accessed a significant amount of data in its student record system during a cyber incident.

The university said the incident affected current students and alums and that it is working with the third-party provider that maintains the affected platform to support a forensic investigation. It has reported the incident to Action Fraud and the Information Commissioner’s Office.

The university has not publicly attributed the attack, but the ShinyHunters extortion group has claimed responsibility. Have I Been Pwned said the breach affected 454,600 accounts and involved tens of gigabytes of data, which was later published online.

According to Have I Been Pwned, the exposed data included names, email addresses, phone numbers, physical addresses, passport numbers, citizenship statuses, dates of birth, academic records, ethnicity, disability information, IP addresses and information relating to enrolments and fee payments.

The university told affected individuals that it was operating on the precautionary assumption that contact information, university-related details, financial information and personal information may have been accessed.

The breach creates risks of identity theft, fraud and follow-up phishing attacks, particularly where exposed records include identity documents, financial data and sensitive personal characteristics.

The University of Nottingham Students’ Union advised students to monitor university communications, use the dedicated support line and remain cautious about unexpected emails, messages or calls.

Why does it matter?

The breach highlights the scale of cyber risk facing higher education institutions, which hold large volumes of sensitive personal, financial and academic data. Exposure of passport numbers, contact details, protected characteristics and payment-related information can create long-term risks for students and alums. The incident also points to the importance of third-party platform security and clear breach communication, especially when student record systems are involved.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

India imposes temporary Telegram ban over exam security concerns

India has restricted access to Telegram until 22 June 2026 ahead of the NEET (UG) 2026 re-examination, citing concerns over exam security and alleged paper leak networks. The decision followed recommendations from the National Testing Agency (NTA), which sought to prevent the misuse of messaging platforms during a high-stakes national examination.

The Ministry of Electronics and Information Technology (MeitY) acted under Section 69A of the Information Technology Act, 2000, citing risks associated with organised cheating networks. Authorities also ordered Telegram to temporarily disable editing of the previously posted messages until 30 June 2026, arguing that the feature had been used to create misleading evidence of alleged paper leaks.

Enforcement efforts follow ongoing investigations coordinated by the Indian Cyber Crime Coordination Centre and state police units, which have previously dismantled multiple fraudulent channels and bot networks. Officials said groups operating under names suggesting exam leaks had demanded significant sums from students and families in exchange for false information.

Why does it matter?

The case illustrates how digital platforms have become a central battleground in efforts to protect the integrity of high-stakes examinations. Messaging applications can facilitate the rapid spread of misinformation, fraudulent schemes and alleged leak networks, prompting authorities to consider increasingly interventionist measures during sensitive national processes.

The decision also raises broader questions about digital governance and platform regulation. By restricting access to a major communication platform and temporarily limiting specific platform features, Indian authorities are signalling a willingness to use digital policy tools to address risks associated with public trust and institutional integrity. The move reflects a wider global debate over the balance between security objectives, platform accountability and access to digital communications.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

INTERPOL report warns of rising cybercrime across Asia-Pacific

INTERPOL has published its 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, covering the period from January 2024 to March 2025. The report documents a rise in cybercrime across the region, attributing the trend to expanding digital infrastructure, the adoption of new technologies and increasingly organised criminal networks.

More than half of the countries surveyed reported that cybercrime accounts for over 30% of all crimes recorded nationally. Phishing and related online scam techniques were identified as the most common and financially damaging forms of cybercrime, with 33 % of surveyed countries recorded over 10,000 such cases.

Neal Jetton, INTERPOL’s Cybercrime Director, said the findings demonstrate how cybercriminals are increasingly exploiting AI, ransomware-as-a-service models and sophisticated social engineering techniques. He noted that operational cooperation, information sharing, and cyber resilience are factors relevant to protecting communities and infrastructure as digital adoption in the region increases.

Growth in internet connectivity, mobile banking, cloud computing, and digital financial services has accompanied this cybercriminal activity, according to the report.

Survey respondents also highlighted challenges for law enforcement, including gaps in specialised forensic tools, cybercrime training and technical capacity. The report also notes differences in cybersecurity capacity across countries.

Some countries have established cybersecurity frameworks and institutional capabilities, while others, including developing countries and small island states, reported resource and capacity constraints.

The report identifies jurisdictions with fragmented enforcement structures, limited technical capabilities, and weaker legislation as more exposed to exploitation by cybercriminal actors.

The report was prepared through the Asia and South Pacific Joint Operations against Cybercrime (ASPJOC) project, funded by the United Kingdom’s Foreign, Commonwealth & Development Office (FCDO). It draws on information submitted by 18 INTERPOL member countries in the Asia and South Pacific region, along with contributions from private sector partners, operational case studies, and analysis of emerging cyber threat trends.

It is one of several regional cyber threat assessments produced by INTERPOL, alongside similar reports covering regions such as Africa. The full report is available from INTERPOL.

Why does this matter?

The report highlights how cybercrime is becoming a major security, economic and governance challenge across Asia and the South Pacific. As countries expand digital infrastructure, online banking, cloud services and digital government initiatives, cybercriminals are finding new opportunities to exploit vulnerabilities and target individuals, businesses and critical sectors.

The findings also illustrate the growing role of AI in cyberspace. While organisations increasingly use AI to strengthen cybersecurity, threat actors are adopting the same technologies to enhance phishing campaigns, generate deepfakes and automate attacks. This accelerating technological competition underscores the importance of international cooperation, cyber capacity-building and information sharing to strengthen resilience across the region.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

US FTC reveals record losses from imposter scams in 2025

The US Federal Trade Commission said consumers reported losing $3.5 billion to imposter scams in 2025, nearly tripling from 2020.

The FTC said imposter scams were the most reported fraud category last year, accounting for nearly one in three fraud reports. Consumers were targeted through text messages, phone calls, email, social media, search engine results and other channels.

Some of the costliest scams began with fake security alerts that often appeared to come from banks. Victims were persuaded to move money to ‘protect’ it, with losses often limited only by the funds they had available.

Consumers reported losing nearly $1 billion to business impersonators in 2025, with the highest losses linked to bank impersonators. Reported losses to government impersonators reached about $920 million, up from $789 million in 2024.

The figures form part of a wider rise in reported fraud losses. The FTC said consumers reported losing about $16 billion to all types of fraud in 2025, the highest figure on record and around 25% higher than in 2024.

The data were released as the FTC, the Department of Justice, the Department of Health and Human Services and members of the Elder Justice Coordinating Council launched the Never Ever campaign. The public-private campaign aims to raise awareness of government and business imposter scams, including scams affecting older adults.

The FTC also pointed to its 2024 Impersonation Rule, which gives the agency stronger tools to pursue scammers impersonating government agencies and businesses. Since the rule was finalised, the FTC said it has brought a dozen enforcement actions and obtained more than $70 million in redress for consumers.

Why does it matter?

Imposter scams exploit trust in digital communications, financial institutions and government services. Fake bank alerts, official-looking messages and multi-channel fraud campaigns can push consumers to act quickly and transfer money before they verify the request. The FTC’s response shows how consumer protection is increasingly combining fraud data, enforcement tools and public education to address digital trust risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.