Cybersecurity

US Army puts cybersecurity at the heart of transformation

Cybersecurity is a critical element of the US Army’s ongoing transformation and of wider national efforts to safeguard critical infrastructure, according to Brandon Pugh, Principal Cyber Adviser to the Secretary of the Army. Speaking at the Billington CyberSecurity Summit on 11 September, Pugh explained that the Army’s Continuous Transformation initiative is intended to deliver advanced technologies to soldiers more rapidly, ensuring readiness for operational environments where cybersecurity underpins every aspect of activity, from base operations to mobilisation.

Pugh took part in the panel where he emphasised that defending the homeland remains a central priority, with the Army directly affected by vulnerabilities in privately owned critical infrastructure such as energy and transport networks. He referred to research conducted by the Army Cyber Institute at the US Military Academy at West Point, which analyses how weaknesses in infrastructure could undermine the Army’s ability to project forces in times of crisis or conflict.

The other panellists agreed that maintaining strong basic cyber hygiene is essential. Josh Salmanson, Vice President for the Defence Cyber Practice at Leidos, underlined the importance of measures such as timely patching, reducing vulnerabilities, and eliminating shared passwords, all of which help to reduce noise in networks and strengthen responses to evolving threats.

The discussion also considered the growing application of AI in cyber operations. Col. Ivan Kalabashkin, Deputy Head of Ukraine’s Security Services Cyber Division reported that Ukraine has faced more than 13,000 cyber incidents directed at government and critical infrastructure systems since the start of the full-scale war, noting that Russia has in recent months employed AI to scan for network vulnerabilities.

Pugh stated that the Army is actively examining how AI can be applied to enhance both defensive and potentially offensive cyber operations, pointing to significant ongoing work within Army Cyber Command and US Cyber Command.

Finally, Pugh highlighted the Army’s determination to accelerate the introduction of cyber capabilities, particularly from innovative companies offering specialist solutions. He stressed the importance of acquisition processes that enable soldiers to test new capabilities within weeks, in line with the Army’s broader drive to modernise how it procures, evaluates, and deploys technology.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyberattack compromises personal data used for DBS checks at UK college

Bracknell and Wokingham College has confirmed a cyberattack that compromised data collected for Disclosure and Barring Service (DBS) checks. The breach affects data used by Activate Learning and other institutions, including names, dates of birth, National Insurance numbers, and passport details.

Access Personal Checking Services (APCS) was alerted by supplier Intradev on August 17 that its systems had been accessed without authorisation. While payment card details and criminal conviction records were not compromised, data submitted between December 2024 and May 8, 2025, was copied.

APCS stated that its own networks and those of Activate Learning were not breached. The organisation is contacting only those data controllers where confirmed breaches have occurred and has advised that its services can continue to be used safely.

Activate Learning reported the incident to the Information Commissioner’s Office following a risk assessment. APCS is still investigating the full scope of the breach and has pledged to keep affected institutions and individuals informed as more information becomes available.

Individuals have been advised to closely monitor their financial statements, exercise caution when opening phishing emails, and regularly update security measures, including passwords and two-factor authentication. Activate Learning emphasised the importance of staying vigilant to minimise risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Indonesia’s sovereign wealth fund INA targets data centres and AI in healthcare

The Indonesia Investment Authority (INA), the country’s sovereign wealth fund, is sharpening its focus on digital infrastructure, healthcare and renewable energy as it seeks to attract foreign partners and strengthen national development.

The fund, created in 2021 with $5 billion in state capital, now manages assets worth around $10 billion and is expanding its scope beyond equity into hybrid capital and private credit.

Chief investment officer Christopher Ganis said data centres and supporting infrastructure, such as sub-sea cables, were key priorities as the government emphasises data independence and resilience.

INA has already teamed up with Singapore-based Granite Asia to invest over $1.2 billion in Indonesia’s technology and AI ecosystem, including a new data centre campus in Batam. Ganis added that AI would be applied first in healthcare instead of rushing into broader adoption.

Renewables also remain central to INA’s strategy, with its partnership alongside Abu Dhabi’s Masdar Clean Energy in Pertamina Geothermal Energy cited as a strong performer.

Ganis said Asia’s reliance on bank financing highlights the need for INA’s support in cross-border growth, since domestic banks cannot always facilitate overseas expansion.

Despite growing global ambitions, INA will prioritise projects directly linked to Indonesia. Ganis stressed that it must deliver benefits at home instead of directing capital into ventures without a clear link to the country’s future.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Miljodata hack exposes data of nearly 15% of Swedish population

Swedish prosecutors have confirmed that a cyberattack on IT systems provider Miljodata exposed the personal data of 1.5 million people, nearly 15% of Sweden’s population. The attack occurred during the weekend of August 23–24.

Authorities said the stolen data has been leaked online and includes names, addresses, and contact details. Prosecutor Sandra Helgadottir said the group Datacarry has claimed responsibility, though no foreign state involvement is suspected.

Media in Sweden reported that the hackers demanded 1.5 bitcoin (around $170,000) to prevent the release of the data. Miljodata confirmed the information has now been published on the darknet.

The Swedish Authority for Privacy Protection has received over 250 breach notifications, with 164 municipalities and four regional authorities impacted. Employees in Gothenburg were among those affected, according to SVT.

Private companies, including Volvo, SAS, and GKN Aerospace, also reported compromised data. Investigators are working to identify the perpetrators as the breach’s scale continues to raise concerns nationwide.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

First quantum-AI data centre launched in New York City

Oxford Quantum Circuits (OQC) and Digital Realty have launched the first quantum-AI data centre in New York City at the JFK10 facility, powered by Nvidia GH200 Grace Hopper Superchips. The project combines superconducting quantum computers with AI supercomputing under one roof.

OQC’s GENESIS quantum computer is the first to be deployed in a New York data centre, designed to support hybrid workloads and enterprise adoption. Future GENESIS systems will ship with Nvidia accelerated computing and CUDA-Q integration as standard.

OQC CEO Gerald Mullally said the centre will drive the AI revolution securely and at scale, strengthening the UKUS technology alliance. Digital Realty CEO Andy Power called it a milestone for making quantum-AI accessible to enterprises and governments.

UK Science Minister Patrick Vallance highlighted the £212 billion economic potential of quantum by 2045, citing applications from drug discovery to clean energy. He said the launch puts British innovation at the heart of next-generation computing.

The centre, embedded in Digital Realty’s PlatformDIGITAL, will support applications in finance, security, and AI, including quantum machine learning and accelerated model training. OQC Chair Jack Boyer said it demonstrates UK–US collaboration in leading frontier technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia outlines guidelines for social media age ban

Australia has released its regulatory guidance for the incoming social media age restriction law, which takes effect on December 10. Users under 16 will be barred from holding accounts on most major platforms, including Instagram, TikTok, and Facebook.

The new guidance details what are considered ‘reasonable steps’ for compliance. Platforms must detect and remove underage accounts, communicating clearly with affected users. It remains uncertain whether removed accounts will have their content deleted or if they can be reactivated once the user turns 16.

Platforms are also expected to block attempts to re-register, including the use of VPNs or other workarounds. Companies are encouraged to implement a multi-step age verification process and provide users with a range of options, rather than relying solely on government-issued identification.

Blanket age verification won’t be required, nor will platforms need to store personal data from verification processes. Instead, companies must demonstrate effectiveness through system-level records. Existing data, such as an account’s creation date, may be used to estimate age.

Under-16s will still be able to view content without logging in, for example, watching YouTube videos in a browser. However, shared access to adult accounts on family devices could present enforcement challenges.

Communications Minister Anika Wells stated that there is ‘no excuse for non-compliance.’ Each platform must now develop its own strategy to meet the law’s requirements ahead of the fast-approaching deadline.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

AI will kill middle-ground media, but raw content will thrive

Advertising is heading for a split future. By 2030, brands will run hyper-personalised AI campaigns or embrace raw human storytelling. Everything in between will vanish.

AI-driven advertising will go far beyond text-to-image gimmicks. These adaptive systems will combine social trends, search habits, and first-party data to create millions of real-time ad variations.

The opposite approach will lean into imperfection, featuring unpolished TikToks, founder-shot iPhone videos, and authentic and alive content. Audiences reward authenticity over carefully scripted, generic campaigns.

Mid-tier, polished, forgettable, creative work will be the first to fade away. AI can replicate it instantly, and audiences will scroll past it without noticing.

Marketers must now pick a side: feed AI with data and scale personalisation, or double down on community-driven, imperfect storytelling. The middle won’t survive.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

China proposes independent oversight committees to strengthen data protection

The Cyberspace Administration of China (CAC) has proposed new rules requiring major online platforms to establish independent oversight committees focused on personal data protection. The draft regulation, released Friday, 13 September 2025, is open for public comment until 12 October 2025.

Under the proposal, platforms with large user bases and complex operations must form committees of at least seven members, two-thirds of whom must be external experts without ties to the company. These experts must have at least three years of experience in data security and be well-versed in relevant laws and standards.

The committees will oversee sensitive data handling, cross-border transfers, security incidents, and regulatory compliance. They are also tasked with maintaining open communication channels with users about data concerns.

If a platform fails to act and offers unsatisfactory reasons, the issue can be escalated to provincial regulators in China.

The CAC says the move aims to enhance transparency and accountability by involving independent experts in monitoring and flagging high-risk data practices.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Hong Kong to speed up tech hub plan with China

One of S.A.R. of China, Hong Kong, is preparing to accelerate its cross-border technology hub plans with mainland China as the city seeks new growth drivers to offset its fragile economy.

Chief Executive John Lee is set to deliver his annual policy address on Wednesday, with the Northern Metropolis project expected to take centre stage.

The initiative aims to transform a sparsely populated area into a base for advanced industries and innovation, while reducing reliance on finance and real estate.

According to state-owned media, the government will ease financing rules to attract companies in AI, renewable energy and medical technology.

An urgency that comes despite signs of recovery, as the economy of Hong Kong grew at its fastest pace in over a year last quarter. Yet home prices continue to fall, unemployment has risen, and public finances remain stretched.

The administration is unlikely to offer sweeping property incentives, such as tax cuts or looser rules for mainland buyers, given fiscal constraints. Instead, it may revive the long-dormant Tenants Purchase Scheme, first launched in 1998, which allows public housing tenants to buy their flats at reduced prices.

Analysts say that without bold reforms, the housing market will stay under pressure as oversupply and weak sentiment weigh on values.

Hong Kong’s $7.2 trillion stock market could benefit if new listings and inflows are encouraged, especially as developers look to stimulus and lower mortgage rates to support sales.

However, with the economy of China also slowing down, doubts remain over whether deeper integration and technology investments can provide a lasting boost.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Millions of customer records stolen in Kering luxury brand data breach

Kering has confirmed a data breach affecting several of its luxury brands, including Gucci, Balenciaga, Brioni, and Alexander McQueen, after unauthorised access to its Salesforce systems compromised millions of customer records.

Hacking group ShinyHunters has claimed responsibility, alleging it exfiltrated 43.5 million records from Gucci and nearly 13 million from the other brands. The stolen data includes names, email addresses, dates of birth, sales histories, and home addresses.

Kering stated that the incident occurred in June 2025 and did not compromise bank or credit card details or national identifiers. The company has reported the breach to the relevant regulators and is notifying the affected customers.

Evidence shared by ShinyHunters suggests Balenciaga made an initial ransom payment of €500,000 before negotiations broke down. The group released sample data and chat logs to support its claims.

ShinyHunters has exploited Salesforce weaknesses in previous attacks targeting luxury, travel, and financial firms. Questions remain about the total number of affected customers and the potential exposure of other Kering brands.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!