Hong Kong Post cyberattack exposes EC‑Ship user data

A cyberattack on the Hong Kong Post has been confirmed. Targeting its EC‑Ship online shipping portal, the attack compromised personal address‑book information for approximately 60,000 to 70,000 users.

The data breach included names, physical addresses, phone and fax numbers, and email addresses of both senders and recipients.

The incident, detected late Sunday into Monday, involved an attacker using a legitimate EC‑Ship account to exploit a code vulnerability. Though the system’s security protocols identified unusual activity and suspended the account, the hacker persisted until the flaw was fully patched.

Affected customers received email alerts and were advised to monitor their information closely and alert contacts of potential phishing attempts.

Hong Kong Post is now collaborating with the Hong Kong Police Force, the Digital Policy Office, and the Office of the Privacy Commissioner. It implements a layered cybersecurity solution managed by the government’s Digital Policy Office.

The Postmaster General emphasised that remediation steps have been taken to close the loophole and pledged ongoing infrastructure improvements. An official investigation is underway to reinforce resilience and safeguard user data.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

North Korea turns to Russia for AI development help

North Korea is dispatching AI researchers, interns and students to countries such as Russia in an effort to strengthen its domestic tech sector, according to a report by NK News.

The move comes despite strict UN sanctions that restrict technological exchange, particularly in high-priority areas like AI.

Kim Kwang Hyok, head of the AI Institute at Kim Il Sung University, confirmed the strategy in an interview with a pro-Pyongyang outlet in Japan. He admitted that international restrictions remain a major hurdle but noted that researchers continue developing AI applications within North Korea regardless.

Among the projects cited is ‘Ryongma’, a multilingual translation app supporting English, Russian, and Chinese, which has been available on mobile devices since 2021.

Kim also mentioned efforts to develop an AI-driven platform for a hospital under construction in Pyongyang. However, technical limitations remain considerable, with just three known semiconductor plants operating in the country.

While Russia may seem like a natural partner, its own dependence on imported hardware limits how much it can help.

A former South Korean diplomat told NK News that Moscow lacks the domestic capacity to provide high-performance chips essential for advanced AI work, making large-scale collaboration difficult.

Spotify under fire for AI-generated songs on memorial artist pages

Spotify is facing criticism after AI-generated songs were uploaded to the pages of deceased artists without consent from estates or rights holders.

The latest case involves country singer-songwriter Blaze Foley, who died in 1989. A track titled ‘Together’ was posted to his official Spotify page over the weekend. The song sounded vaguely like a slow country ballad and was paired with AI-generated cover art showing a man who bore no resemblance to Foley.

Craig McDonald, whose label manages Foley’s catalogue, confirmed the track had nothing to do with the artist and described it as inauthentic and harmful. ‘I can clearly tell you that this song is not Blaze, not anywhere near Blaze’s style, at all,’ McDonald told 404 Media. ‘It has the authenticity of an algorithm.’

He criticised Spotify for failing to prevent such uploads and said the company had a duty to stop AI-generated music from appearing under real artists’ names.

‘It’s kind of surprising that Spotify doesn’t have a security fix for this type of action,’ he said. ‘They could fix this problem if they had the will to do so.’ Spotify said it had flagged the track to distributor SoundOn and removed it for violating its deceptive content policy.

However, other similar uploads have already emerged. The same company, Syntax Error, was linked to another AI-generated song titled ‘Happened To You’, uploaded last week under the name of Grammy-winning artist Guy Clark, who died in 2016.

Both tracks have since been removed, but Spotify has not explained how Syntax Error was able to post them using the names and likenesses of late musicians. The controversy is the latest in a wave of AI music incidents slipping through streaming platforms’ content checks.

Earlier this year, an AI-generated band called The Velvet Sundown amassed over a million Spotify streams before disclosing that all their vocals and instrumentals were made by AI.

Another high-profile case involved a fake Drake and The Weeknd collaboration, ‘Heart on My Sleeve’, which gained viral traction before being taken down by Universal Music Group.

Rights groups and artists have repeatedly warned about AI-generated content misrepresenting performers and undermining creative authenticity. As AI tools become more accessible, streaming platforms face mounting pressure to improve detection and approval processes to prevent further misuse.

Western Union eyes faster remittances with stablecoins

Western Union has begun exploring stablecoin use for remittances, viewing the technology as an opportunity amid rising competition and regulatory clarity. CEO Devin McGranahan revealed that the firm is testing new cross-border settlement processes in regions such as South America and Africa.

Stablecoins could enhance speed, lower costs, and offer value-storing options for customers in weaker-currency markets.

The move follows the recent passage of the GENIUS Act in the US, which provides a formal legal framework for issuing and trading stablecoins. The law is already prompting banks, retailers, and financial service providers to experiment with stablecoin applications.

Western Union is reportedly considering crypto wallet services and partnerships to act as a crypto on- and off-ramp.

According to OwlTing CEO Darren Wang, interest in stablecoins has surged, with monthly business inquiries rising significantly since May. He believes regulatory frameworks like the GENIUS Act and Europe’s MiCA will help stablecoins reach widespread adoption by 2026.

He emphasised that stablecoins can cut remittance costs below the UN’s 3% target, while providing instant, round-the-clock settlements.

Global interest in stablecoins continues to grow, with firms like Walmart, Amazon, JD.com, and Alipay reportedly exploring stablecoin integration.

Surge in UK corporate data leaks fuels fraud fears

Cybersecurity experts in London have warned of a sharp increase in corporate data breaches, with leaked files now frequently containing sensitive financial and personal records.

A new report by Lab 1 reveals that 93 percent of such breaches involve documents like invoices, IBANs, and bank statements, fuelling widespread fraud and reputational damage in the UK.

The study examined 141 million leaked files and shows how hackers increasingly target unstructured data such as HR records, emails, and internal code.

Often ignored in standard breach reviews, these files contain rich details that can be used for identity theft or follow-up cyberattacks.

Hackers are now behaving more like data scientists, according to Lab 1’s CEO, mining leaks for valuable information to exploit. The average breach now affects over 400 organisations indirectly, including business partners and vendors, significantly widening the fallout.

Android malware infects millions of devices globally

Millions of Android-based devices have been infected by a new strain of malware called BadBox 2.0, prompting urgent warnings from Google and the FBI. The malicious software can trigger ransomware attacks and collect sensitive user data.

The infected devices are primarily cheap, off-brand products manufactured in China, many of which come preloaded with the malware. Models such as the X88 Pro 10, T95, and QPLOVE Q9 are among those identified as compromised.

Google has launched legal action to shut down the illegal operation, calling BadBox 2.0 the largest botnet linked to internet-connected TVs. The FBI has advised the public to disconnect any suspicious devices and check for unusual network activity.

The malware generates illicit revenue through adware and poses broader cybersecurity threats, including denial-of-service attacks. Consumers are urged to avoid unofficial products and verify devices are Play Protect-certified before use.

Bitcoin’s security under quantum threat

A leading cybersecurity expert has raised concerns that Bitcoin’s underlying cryptography could be broken within five years. David Carvalho, CEO of Naoris Protocol, warned that quantum computers could soon break the cryptography securing Bitcoin transactions.

He believes the threat could materialise sooner than most anticipate, urging immediate action.

Carvalho pointed to Shor’s algorithm as the core concern. Once sufficiently advanced quantum machines are deployed, they could crack Bitcoin’s defences in seconds.

Roughly 30% of all Bitcoin—around 6 to 7 million BTC—is currently held in wallets with exposed public keys, making them especially vulnerable.

He also referenced major breakthroughs in the field, including Microsoft’s Majorana chip and IBM’s planned release of a fault-tolerant quantum computer by 2029.

With over 100 quantum systems already active and thousands more expected by 2030, Carvalho advised investors to migrate funds to quantum-secure wallets and update their security protocols.

However, Adam Back, CEO of Blockstream and an early Bitcoin contributor, believes the technology is still decades away from posing a real threat. He did acknowledge that future advancements may force even early adopters to move their coins to quantum-resistant addresses.

New AI strategy aims to attract global capital to Indonesia

Indonesia is moving to cement its position in the global AI and semiconductor landscape by releasing its first comprehensive national AI strategy in August 2025.

Deputy Minister Nezar Patria says the roadmap aims to clarify the country’s AI market potential, particularly in sectors like health and agriculture, and provide guidance on infrastructure, regulation, and investment pathways.

Already, global tech firms are demonstrating confidence in the country’s potential. Microsoft has pledged $1.7 billion to expand cloud and AI capabilities, while Nvidia partnered on a $200 million AI centre project. These investments align with Jakarta’s efforts to build skill pipelines and computational capacity.

In parallel, Indonesia is pushing into critical minerals extraction to strengthen its semiconductor and AI hardware supply chains, and has invited foreign partners, including from the United States, to invest. These initiatives aim to align resource security with its AI ambitions.

However, analysts caution that Indonesia must still address significant gaps: limited AI-ready infrastructure, a shortfall in skilled tech talent, and governance concerns such as data privacy and IP protection.

The new AI roadmap will bridge these deficits and streamline regulation without stifling innovation.

Over $3 billion of Ethereum lost forever

Over 913,000 ETH, worth around $3.43 billion, has been lost permanently due to user errors and contract flaws, according to Coinbase director Conor Grogan. The losses represent over 0.76% of Ethereum’s circulating supply and show the risks of human error in decentralised systems.

Among the largest losses cited are 306,000 ETH lost by the Web3 Foundation through a Parity multisig wallet vulnerability and 60,000 ETH locked in a smart contract by the now-defunct QuadrigaCX exchange.

An additional 11,500 ETH was destroyed by NFT project Akutars during a failed minting process.

Grogan also noted that more than 25,000 ETH has been sent to burn addresses directly by users.

He stressed that the $3.4 billion figure is a conservative estimate, excluding ETH lost due to forgotten private keys or dormant wallets. He noted Ethereum’s EIP-1559 burn has destroyed 5.3 million ETH, worth over $23 billion, removing more than 5% of all ETH from circulation.

These figures reveal a growing issue within the Ethereum ecosystem, where both technical flaws and irreversible design features have led to a significant amount of permanently inaccessible capital.

UK MoD avoids further penalty after data breach

The UK’s data protection regulator has defended its decision not to pursue further action against the Ministry of Defence (MoD) over a serious data breach that exposed personal information of Afghans who assisted British forces.

The Information Commissioner’s Office (ICO) said the incident caused considerable harm but concluded additional investigation would not deliver greater benefit. The office stressed that organisations must handle data with greater care to avoid such damaging consequences.

The breach occurred when a hidden dataset in a spreadsheet was mistakenly shared under the pressures of a UK military operation. While the sender believed only limited data was being released, the spreadsheet contained much more information, some of which was later leaked online.

The ICO already fined the MoD £350,000 in 2023 over a previous incident related to the Afghan relocation programme. The regulator confirmed that in both cases, the department had taken significant remedial action and committed extensive public resources to mitigate future risk.

Although the ICO acknowledged the incident’s severe impact, including threats to individual lives, it decided not to divert further resources given existing accountability, classified restrictions, and national security concerns.
