Cybersecurity

Coinbase security breach linked to India contractor

Coinbase is under scrutiny after revealing a data breach tied to its contractor TaskUs. The incident reportedly involved insider misconduct at a support centre in India.

Though the breach was disclosed in May, insiders say Coinbase had knowledge of the issue as early as January.

The incident was traced to a TaskUs agent who allegedly photographed customer data and sold it to hackers. TaskUs fired two staff, saying the breach seemed part of a broader campaign targeting several Coinbase service providers.

Operations in Indore were suspended, impacting 226 staff, most of whom received severance.

Hackers accessed names, addresses, masked banking data, and ID documents, but no funds or passwords were compromised. On 11 May, Coinbase received a $20 million ransom demand.

CEO Brian Armstrong rejected the threat and instead offered a $20 million reward for information leading to the attackers’ arrest.

The breach, which affected under 1% of users, has triggered a shareholder lawsuit accusing Coinbase of failing to disclose the incident promptly.

Although its stock dipped 7% after the news, it has since recovered, supported by the company’s recent inclusion in the S&P 500 index.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Meta inks 20-year nuclear deal to power AI expansion

Meta has entered a landmark 20-year agreement with Constellation to purchase 1.1 gigawatts of nuclear power from the Clinton Clean Energy Center in Illinois, starting in 2027.

The deal is designed to support the company’s rapidly growing AI infrastructure and data centres as energy demands surge across the tech industry.

Once facing closure due to financial losses, the Clinton plant’s future is secure — without relying on Illinois’ Zero Emission Credit programme. The agreement will keep over 1,100 local jobs, boost grid capacity by 30 megawatts, and generate an estimated $13.5 million in annual tax revenue.

Illinois lawmakers have praised the deal for its economic and environmental benefits, with Republican Regan Deering calling it ‘a forward-thinking investment.’

The partnership is part of Meta’s broader strategy to build a nuclear-powered AI ecosystem. With clean energy targets of 1 to 4 gigawatts, Meta has been negotiating with multiple nuclear providers and says further agreements are in the final stages.

According to the International Atomic Energy Agency, global data centre energy use is set to more than double by 2030 — potentially outstripping Japan’s entire electricity consumption. Meta alone plans to invest $65 billion in AI infrastructure in 2025.

The Clinton plant deal also serves as a hedge against the environmental impact of fossil fuels. A 2024 study by the Brattle Group estimated that closing the facility would have led to an additional 34 million metric tons of carbon emissions over two decades. It would also have dealt an annual $765 million blow to Illinois’ GDP.

Constellation, the plant’s operator, said consistent, carbon-free baseload power is essential for the AI-driven future. With its reliability and scale, nuclear energy is increasingly seen as critical to supporting always-on AI systems.

Meanwhile, Meta continues advancing its AI vision. The company plans to fully automate ad creation by late 2026, generating images, videos, and text tailored to user location and timing.

This automation effort has already boosted ad performance, with Q1 2025 results showing a 30% rise in AI-generated ad use, a 10% increase in average ad prices, and $42.31 billion in revenue — a 16% year-over-year jump.

However, the push for AI-generated content has unsettled the advertising industry. Firms like Omnicom Group have seen share prices dip over fears disrupting to traditional creative and production models.

Zuckerberg’s long-term AI vision includes automating marketing and enhancing user experience through AI companions and virtual therapists — part of Meta’s goal to integrate machine learning into everyday life while ensuring its platforms run on clean, scalable energy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber attack hits Lee Enterprises staff data

Thousands of current and former employees at Lee Enterprises have had their data exposed following a cyberattack earlier this year.

Hackers accessed to the company’s systems in early February, compromising sensitive information such as names and Social Security numbers before the breach was contained the same day.

Although the media firm, which operates over 70 newspapers across 26 US states, swiftly secured its networks, a three-month investigation involving external cybersecurity experts revealed that attackers accessed databases containing employee details.

The breach potentially affects around 40,000 individuals — far more than the company’s 4,500 current staff — indicating that past employees were also impacted.

The stolen data could be used for identity theft, fraud or phishing attempts. Criminals may even impersonate affected employees to infiltrate deeper into company systems and extract more valuable information.

Lee Enterprises has notified those impacted and filed relevant disclosures with authorities, including the Maine Attorney General’s Office.

Headquartered in Iowa, Lee Enterprises draws over 200 million monthly online page views and generated over $611 million in revenue in 2024. The incident underscores the ongoing vulnerability of media organisations to cyber threats, especially when personal employee data is involved.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Vodafone fined €45 million in Germany over data privacy violations

German data protection authorities have imposed a €45 million ($51.2 million) fine on Vodafone for what they described as serious data privacy breaches involving both third-party sales practices and weak digital security systems. The Federal Commissioner for Data Protection (BfDI) cited ‘malicious behaviour’ by partner agencies and security flaws that allowed unauthorised access to customer accounts.

Investigators found that some of Vodafone’s partner agencies engaged in fraudulent conduct, including altering or forging contracts to the detriment of customers. Vodafone was fined €15 million for failing to properly supervise these partners, as required by the European Union’s General Data Protection Regulation (GDPR).

Additionally, a €30 million fine was levied due to vulnerabilities in Vodafone’s customer authentication systems, which potentially allowed outsiders to access sensitive services like eSIM profiles. Vodafone has acknowledged the issues, attributing them to inadequate data protection checks at the time.

The company expressed regret for the impact on customers and emphasized that under new management, it has overhauled its data protection protocols to prevent future breaches.

Louisa Specht-Riemenschneider, Germany’s federal data protection commissioner, underscored the importance of data security, stating that user trust in digital services depends on strong safeguards. She added that proper compliance can even be a competitive advantage, as EU regulators continue to crack down on companies that violate GDPR standards.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Cyber attacks and ransomware rise globally in early 2025

Cyber attacks have surged by 47% globally in the first quarter of 2025, with organisations facing an average of 1,925 attacks each week.

Check Point Software, a cybersecurity firm, warns that attackers are growing more sophisticated and persistent, targeting critical sectors like healthcare, finance, and technology with increasing intensity.

Ransomware activity alone has soared by 126% compared to last year. Attackers are no longer just encrypting files but now also threaten to leak sensitive data unless paid — a tactic known as dual extortion.

Instead of operating as large, centralised gangs, modern ransomware groups are smaller and more agile, often coordinating through dark web forums, making them harder to trace.

The report also notes that cybercriminals are using AI to automate phishing attacks and scan systems for vulnerabilities, allowing them to strike with greater accuracy. Emerging markets remain particularly vulnerable, as they often lack advanced cybersecurity infrastructure.

Check Point urges companies to act decisively by adopting proactive security measures, investing in threat detection and employee training, and implementing real-time monitoring. Waiting for an attack instead of preparing in advance could leave organisations dangerously exposed.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Customer data stolen in cyber attacks on Cartier and North Face

Fashion brand The North Face and luxury jeweller Cartier have confirmed recent cyber attacks that exposed customer data, including names and email addresses.

Neither company reported breaches of financial or password information.

North Face identified the attack as a credential stuffing attempt, where previously stolen passwords are used to break into other accounts.

Affected customers are being advised to change their login details, while the company’s owner, VF Corporation, continues recovering from an earlier incident.

Cartier said the breach allowed brief access to limited client data but insisted that it quickly secured its systems.

Retailers such as Adidas, Victoria’s Secret, Harrods, and M&S have all been hit in recent months, prompting warnings that the industry remains an attractive target for cyber criminals.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft and CrowdStrike align naming of threat actors

Microsoft and CrowdStrike have announced a joint initiative to align their threat actor taxonomies, aiming to improve clarity and coordination in the fight against cyberattacks.

While the two cybersecurity giants are not creating a unified naming standard, they are publishing a cross-referenced mapping that shows how threat actors tracked by both companies correspond under their respective naming systems.

The inconsistency in threat actor names across the cybersecurity industry has long created confusion, often slowing response times and complicating collaboration between teams.

A single actor might be known as Midnight Blizzard by Microsoft, Cozy Bear by another firm, and APT29 or UNC2452 by others — all referring to the same group. This fragmentation of identifiers has made tracking and defending against threats more difficult.

To address this, Microsoft and CrowdStrike have released a reference document that maps common threat actors across both organisations’ taxonomies and includes aliases from other vendors.

The goal is to provide security teams with a clearer understanding of which groups are being discussed, regardless of the terminology used.

Although the mapping effort currently involves only Microsoft and CrowdStrike, other major players in the cybersecurity industry — including Google’s Mandiant and Palo Alto Networks’ Unit 42 — are expected to contribute to the initiative in the future.

‘Security is a shared responsibility, requiring community-wide efforts to improve defensive measures,’ said Vasu Jakkal, Corporate Vice President of Microsoft Security. ‘We are excited to be teaming up with CrowdStrike and look forward to others joining us on this journey.’

As more companies adopt this collaborative approach, experts believe it will enhance collective defence by making threat intelligence easier to interpret and act upon across the security ecosystem.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

France cracks down on organised kidnapping ring targeting crypto leaders

Twenty-five people, including six minors, have been charged in Paris for kidnappings and attempted abductions of France’s crypto leaders. Eighteen are in pre-trial detention, others await court or are under supervision. Ages range from 16 to 23.

The investigation began with a 13 May daylight kidnapping attempt in eastern Paris, aimed at the daughter and grandson of Paymium’s CEO, Pierre Noizat. Prior failed attempts and a separate foiled abduction near Nantes earlier in the week are also linked to the case.

Video footage showed masked attackers assaulting Noizat’s family, who were hospitalised with minor injuries. Noizat praised those who defended his family during the attack.

Most suspects are French-born, with some from Senegal, Angola, and Russia. Authorities say the accused include both those who carried out the abductions and those responsible for logistics.

Defence lawyers highlighted the youth of some defendants and their vulnerability to criminal influence. The wave of kidnappings has raised national security concerns, prompting government efforts to protect wealthy crypto entrepreneurs.

Last January, Ledger co-founder David Balland was kidnapped, tortured, and ransomed before being freed.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Australia tightens rules for crypto ATMs

Australia has imposed stricter rules on crypto ATM operators to curb scams and ensure compliance with anti-money laundering laws. A $5,000 AUD limit now applies to cash deposits and withdrawals, with scam warnings required on all machines.

Operators must also step up customer verification and improve transaction monitoring. These measures follow an AUSTRAC-led investigation that revealed older Australians, particularly those aged 60 to 70, account for a large share of crypto ATM activity.

Authorities noted that some victims were tricked into handing over life savings via these machines.

AUSTRAC has already denied registration renewal to one provider, Harro’s Empires, due to ongoing misuse risks.

The agency warned that other non-compliant operators could face similar penalties. It also urged broader adoption of cash limits across exchanges to reduce financial crime exposure.

To strengthen awareness, AUSTRAC and the federal police have released educational materials to be displayed near ATMs. The move comes amid rising scam reports, with 150 confirmed cases and over $3.1 million AUD in losses reported within a year.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Singapore orders crypto firms to stop overseas activity by June

Singapore’s central bank, the Monetary Authority of Singapore (MAS), has mandated all local crypto service providers to halt digital token operations targeting overseas markets by 30 June 2025. Firms failing to comply risk fines of up to S$250,000 (£145,000) and imprisonment for up to three years.

The directive applies to any Singapore-based company, individual, or partnership offering digital token services abroad, regardless of their main business. MAS confirmed no transitional arrangements will be made.

Only firms licensed under current financial laws may continue without breaching the rules.

Licences for overseas digital token services will be rare due to strict AML and CFT concerns. Industry experts advise companies to restructure operations quickly to remove Singapore connections and reduce compliance risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!