Legal aid data breach affects UK applicants

The UK Ministry of Justice has confirmed a serious cyber-attack on its Legal Aid Agency, first detected on 23 April and revealed to be more extensive on 16 May. Investigators found that a wide range of personal details belonging to applicants dating back to 2010 were accessed.

The breach has prompted urgent security reviews and cooperation with the National Cyber Security Centre. Stolen information may include names, addresses, dates of birth, national ID numbers, criminal histories, employment records and financial data such as debts and contributions.

While the total number of affected individuals remains unconfirmed, publicly available figures suggest hundreds of thousands of applications across the last year alone. Victims have been urged to monitor for suspicious communications and to change passwords promptly.

UK legal aid services have been taken offline as contingency measures are put in place to maintain support for vulnerable users. Jane Harbottle, CEO of the Legal Aid Agency, expressed regret over the incident and reassured applicants that efforts are underway to restore secure access.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Criminals exploit weak mail security in new fraud surge

Check washing fraud is making a worrying comeback in the US, fuelled by both AI-powered identity theft and lax mail security. Criminals are intercepting posted cheques, erasing original details using chemicals, and rewriting them for higher amounts or different recipients.

The rise in such fraud, often unnoticed until the money is long gone, is prompting experts to warn the public to take immediate preventative steps. Reports show a sharp increase in cheque-related scams, with US financial institutions flagging over 665,000 suspicious cases in 2023 alone.

Organised crime groups are now blending traditional cheque theft with modern techniques, such as AI-generated identities and forged digital images. The fraudsters are also using mobile deposits, phishing emails, and business email compromise to trick individuals and companies into transferring funds.

For added protection, individuals and businesses are advised to invest in fraud monitoring, use cheques with security features, and report any suspicious activity without delay. With losses running into hundreds of millions, the growing threat of cheque washing shows no signs of slowing down.

Hong Kong breaks up cross-border crypto laundering ring

Hong Kong authorities have busted a cross-border crypto laundering network that processed around HK$118 million (US$15 million) in illicit funds. The crackdown led to a dozen arrests amid efforts to stop people from monetising personal banking credentials.

Raids led by the Commercial Crime Bureau on Thursday detained nine men and three women aged between 20 and 40 across several districts. Officials seized HK$1.05 million in cash, over 560 bank cards, multiple devices, and financial documents.

Investigators found the network had recruited mainland Chinese citizens since mid-2023 to open fraudulent bank accounts in Hong Kong. These accounts were used to channel criminal proceeds from scams, with cash withdrawn and converted into cryptocurrency.

Two Hong Kong residents were arrested as primary organisers, alongside ten mainland Chinese nationals who served as account fronts. The operation reportedly used more than 550 domestic bank accounts to launder about HK$118 million.

So far, authorities have linked HK$10 million of the laundered money to 58 fraud cases. Victims reported losses totalling HK$43.2 million. The network operated from a Mong Kok apartment, where recruits stayed while processing fraudulent transfers.

Coinbase hit by breach and SEC probe ahead of S&P 500 entry

Cryptocurrency exchange Coinbase has disclosed a potential financial impact of $180 million to $400 million following a cyberattack that compromised customer data, according to a regulatory filing on Thursday.

The company said it received an email from an unidentified threat actor on Sunday, claiming to possess internal documents and account data for a limited number of customers.

Although hackers gained access to personal information such as names, addresses, and email addresses, Coinbase confirmed that no login credentials or passwords were compromised.

Coinbase stated it would reimburse users who were deceived into transferring funds to the attackers. It also revealed that multiple contractors and support staff outside the US had provided information to the hackers. Those involved have been terminated, the company said.

In parallel, the US Securities and Exchange Commission (SEC) is reportedly investigating whether Coinbase previously misrepresented its verified user figures.

Two sources familiar with the matter told Reuters that the SEC inquiry is ongoing, though it does not focus on know-your-customer (KYC) compliance or Bank Secrecy Act obligations. Coinbase has denied any such investigation into its compliance practices.

The SEC declined to comment. Coinbase’s chief legal officer, Paul Grewal, characterised the probe as a continuation of a past investigation into a user metric the company stopped reporting over two years ago. He said Coinbase is cooperating with the SEC but believes the inquiry should be closed.

The news comes ahead of Coinbase’s upcoming addition to the S&P 500 index, potentially overshadowing what had been viewed as a major milestone for the industry. Shares fell 7.2% following the disclosure.

Coinbase has rejected a $20 million ransom demand from the attackers and is cooperating with law enforcement. It has also offered a $20 million reward for information leading to the identification of the hackers.

The firm is opening a new US-based support hub and taking further measures to strengthen its cybersecurity framework.

The cyberattack adds to broader concerns about digital asset platform vulnerabilities. In 2024, hacks resulted in over $2.2 billion in stolen funds, according to Chainalysis. Bybit alone reported a $1.5 billion theft in February, the largest on record.

Coinbase is also facing a lawsuit filed in the Southern District of New York, alleging the company failed to protect personal data belonging to millions of current and former customers.

Deepfake voice scams target US officials in phishing surge

Hackers are using deepfake voice and video technology to impersonate senior US government officials and high-profile tech figures in sophisticated phishing campaigns designed to steal sensitive data, the FBI has warned.

Since April, cybercriminals have been contacting current and former federal and state officials through fake voice messages and text messages claiming to be from trusted sources.

The scammers attempt to establish rapport and then direct victims to malicious websites to extract passwords and other private information.

The FBI cautions that if hackers compromise one official’s account, they may use that access to impersonate them further and target others in their network.

The agency urges individuals to verify identities, avoid unsolicited links, and enable multifactor authentication to protect sensitive accounts.

Separately, Polygon co-founder Sandeep Nailwal reported a deepfake scam in which bad actors impersonated him and colleagues via Zoom, urging crypto users to install malicious scripts. He described the attack as ‘horrifying’ and noted the difficulty of reporting such incidents to platforms like Telegram.

The FBI and cybersecurity experts recommend examining media for visual inconsistencies, avoiding software downloads during unverified calls, and never sharing credentials or wallet access unless certain of the source’s legitimacy.

FBI warns against AI-powered text scams

The FBI has issued a fresh warning urging the public not to trust unsolicited texts or voice messages, even if they appear to come from senior officials. A new wave of AI-powered attacks is reportedly so convincing that traditional signs of fraud are almost impossible to spot.

These campaigns involve voice and text messages crafted with AI, mimicking the voices of known individuals and spoofing phone numbers of trusted contacts or organisations. US victims are lured into clicking malicious links, often under the impression that the messages are urgent or official.

The FBI advises users to verify all communications independently, avoid clicking links or downloading attachments from unknown sources, and listen for unnatural speech patterns or visual anomalies in videos and images.

NatWest hit by 100 million cyber attacks every month

NatWest is defending itself against an average of 100 million cyber attacks each month, according to the bank’s head of cybersecurity.

Speaking to Holyrood’s Criminal Justice Committee, Chris Ulliott outlined the ‘staggering’ scale of digital threats targeting the bank’s systems. Around a third of all incoming emails are blocked before reaching staff, as they are suspected to be the start of an attack.

Instead of relying on basic filters, NatWest analyses every email for malicious content and has a cybersecurity team of hundreds, supported by a multi-million-pound budget.

Mr Ulliott also warned of the growing use of AI by cyber criminals to make scams more convincing—such as altering their appearance during video calls to build trust with victims.

Police Scotland reported that cybercrime has more than doubled since 2020, with incidents rising from 7,710 to 18,280 in 2024. Officials highlighted the threat posed by groups like Scattered Spider, believed to consist of young hackers sharing techniques online.

MSP Rona Mackay called the figures ‘absolutely staggering,’ while Ben Macpherson said he had even been impersonated by fraudsters.

Law enforcement agencies, including the FBI, are now working together to tackle online crime. Meanwhile, Age Scotland warned that many older people lack confidence online, making them especially vulnerable to scams that can lead to financial ruin and emotional distress.

Valve denies Steam data breach

Valve has confirmed that a cache of old Steam two-factor authentication codes and phone numbers, recently circulated by a hacker known as ‘Machine1337’, is indeed real, but insists it did not suffer a data breach.

Instead of pointing to its own systems, Valve explained that the leak involves outdated SMS messages, which are typically sent unencrypted and routed through multiple providers. These codes, once valid for only 15 minutes, were not linked to specific Steam accounts, passwords, or payment information.

The leaked data sparked early speculation that third-party messaging provider Twilio was the source of the breach, especially after their name appeared in the dataset. However, both Valve and Twilio denied any direct involvement, with Valve stating it does not even use Twilio’s services.

The true origin of the breach remains uncertain, and Valve acknowledged that tracing it may be difficult, as SMS messages often pass through several intermediaries before reaching users.

While the leaked information may not immediately endanger Steam accounts, Valve advised users to remain cautious. Phone numbers, when combined with other data, could still be used for phishing attacks.

Instead of relying on SMS for security, users are encouraged to activate the Steam Mobile Authenticator, which offers a more secure alternative for account verification.

Despite the uncertainty surrounding the source of the breach, Valve reassured users there’s no need to change passwords or phone numbers. Still, it urged vigilance, recommending that users routinely review their security settings and remain wary of any unsolicited account notifications.

Hackers use fake PayPal email to seize bank access

A man from Virginia fell victim to a sophisticated PayPal scam that allowed hackers to gain remote control of his computer and access his bank accounts.

After receiving a fake email about a laptop purchase, he called the number listed in the message, believing it to be legitimate. The person on the other end instructed him to enter a code into his browser, which unknowingly installed a program giving the scammer full access to his system.

Files were scanned, and money was transferred between his accounts—all while he was urged to stay on the line and visit the bank, without informing anyone.

The scam, known as a remote access attack, starts with a convincing email that appears to come from a trusted source. Instead of fixing any problem, the real aim is to deceive victims into granting hackers full control.

Once inside, scammers can steal personal data, access bank accounts, and install malware that remains even after the immediate threat ends. These attacks often unfold in minutes, using fear and urgency to manipulate targets into acting quickly and irrationally.

Quick action helped limit the damage in this case. The victim shut down his computer, contacted his bank and changed his passwords—steps that likely prevented more extensive losses. However, many people aren’t as fortunate.

Experts warn that scammers increasingly rely on psychological tricks instead of just technical ones, isolating their victims and urging secrecy during the attack.

To avoid falling for similar scams, it’s safer to verify emails by using official websites instead of clicking any embedded links or calling suspicious numbers.

Remote control should never be granted to unsolicited support calls, and all devices should have up-to-date antivirus protection and multifactor authentication enabled. Online safety now depends just as much on caution and awareness as it does on technology.

European crypto crime ring dismantled

European authorities have broken up a crypto laundering ring that moved over €21 million for criminal groups tied to China and the Middle East. Dubbed the ‘mafia crypto bank,’ the group used the hawala method and cryptocurrency to obscure illicit fund transfers.

Seventeen suspects were arrested in a Spanish-led operation, with additional arrests in Austria and Belgium. Most of those detained were of Chinese and Syrian origin, allegedly serving clients involved in drug trafficking and migrant smuggling.

Police seized €4.5 million in assets, including digital currencies, cash, vehicles, shotguns, and luxury goods.

The group posed as a remittance business and advertised its services on social media. The crackdown highlights growing concern over crypto’s role in organised crime, with illicit transactions reaching $51.3 billion in 2024.

Crypto crime continues to surge in 2025, with $1.74 billion in losses reported already—exceeding all of last year.
