Encryption

Japan to develop new cybersecurity strategy and measures

The Japanese government is preparing to develop a new cybersecurity strategy within the year, aiming to address growing digital threats targeting both public institutions and private enterprises. As part of the forthcoming strategy, the government plans to transition its internal communications systems from public-key cryptography to post-quantum cryptography, which is considered more resilient against potential cyberattacks enabled by quantum computing technologies.

In a recent development, Defence Minister Gen Nakatani met with Lithuanian Defence Minister Dovile Šakalienė in Tokyo, where both sides agreed to strengthen bilateral cooperation on cybersecurity. A Japanese Ministry of Defence expert will be sent to Lithuania in June to engage with local specialists, who are recognised for their expertise in managing persistent cyber threats, particularly those attributed to Russian state-linked actors.

The agreement follows an earlier announcement that Japan intends to expand its pool of specialist cybersecurity personnel from the current 24,000 to at least 50,000 by 2030. The target was introduced in response to a Ministry of Economy, Trade and Industry (METI) panel recommendation that the country needs approximately 110,000 skilled cybersecurity professionals to meet growing demand.

Under new regulatory measures due to take effect in 2026, the government will also begin inspecting the cybersecurity practices of private companies. Firms failing to meet the established standards may risk losing access to state subsidies.

Earlier this year, the parliament passed a new law enabling active cyberdefence measures, allowing authorities to legally monitor communications data during peacetime and neutralise foreign servers if cyberattacks occur.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Croatia urged to embed human rights into AI law

Politiscope recently held an event at the Croatian Journalists’ Association to highlight the human rights risks of AI.

As Croatia begins drafting a national law to implement the EU AI Act, the event aimed to push for stronger protections and transparency instead of relying on vague promises of innovation.

Croatia’s working group is still forming key elements of the law, such as who will enforce it, making it an important moment for public input.

Experts warned that AI systems could increase surveillance, discrimination, and exclusion. Speakers presented troubling examples, including inaccurate biometric tools and algorithms that deny benefits or profile individuals unfairly.

Campaigners from across Europe, including EDRi, showcased how civil society has already stopped invasive AI tools in places like the Netherlands and Serbia. They argued that ‘values’ embedded in corporate AI systems often lack accountability and harm marginalised groups instead of protecting them.

Rather than presenting AI as a distant threat or a miracle cure, the event focused on current harms and the urgent need for safeguards. Speakers called for a public register of AI use in state institutions, a ban on biometric surveillance in public, and full civil society participation in shaping AI rules.

A panel urged Croatia to go beyond the EU Act’s baseline by embracing more transparent and citizen-led approaches.

Despite having submitted recommendations, Politiscope and other civil society organisations remain excluded from the working group drafting the law. While business groups and unions often gain access through social dialogue rules, CSOs are still sidelined.

Politiscope continues to demand an open and inclusive legislative process, arguing that democratic oversight is essential for AI to serve people instead of controlling them.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AT&T hit by alleged 31 million record breach

A hacker has allegedly leaked data from 31 million AT&T customers, raising fresh concerns over the security of one of America’s largest telecom providers. The data, posted on a major dark web forum in late May 2025, is said to contain 3.1GB of customer information in both JSON and CSV formats.

Instead of isolated details, the breach reportedly includes highly sensitive data: full names, dates of birth, tax IDs, physical and email addresses, device and cookie identifiers, phone numbers, and IP addresses.

Cybersecurity firm DarkEye flagged the leak, warning that the structured formats make the data easy for criminals to exploit.

If verified, the breach would mark yet another major incident for AT&T. In March 2024, the company confirmed that personal information from 73 million users had been leaked.

Just months later, a July breach exposed call records and location metadata for nearly 110 million customers, with blame directed at compromised Snowflake cloud accounts.

AT&T has yet to comment on the latest claims. Experts warn that the combination of tax numbers and device data could enable identity theft, financial scams, and advanced phishing attacks.

For a company already under scrutiny for past security lapses, the latest breach could further damage public trust.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Victoria’s Secret website hit by cyber attack

Victoria’s Secret’s website has remained offline for three days due to a security incident the company has yet to fully explain. A spokesperson confirmed steps are being taken to address the issue, saying external experts have been called in and some in-store systems were also taken down as a precaution.

Instead of revealing specific details, the retailer has left users with only a holding message on a pink background. It has declined to comment on whether ransomware is involved, when the disruption began, or if law enforcement has been contacted.

The firm’s physical stores continue operating as normal, and payment systems are unaffected, suggesting the breach has hit other digital infrastructure. Still, the shutdown has rattled investors—shares fell nearly seven percent on Wednesday.

With online sales accounting for a third of Victoria’s Secret’s $6 billion annual revenue, the pressure to resolve the situation is high.

The timing has raised eyebrows, as cybercriminals often strike during public holidays like Memorial Day, when IT teams are short-staffed. The attack follows a worrying trend among retailers.

UK giants such as Harrods, Marks & Spencer, and the Co-op have all suffered recent breaches. Experts warn that US chains are becoming the next major targets, with threat groups like Scattered Spider shifting their focus across the Atlantic.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK and EU strengthen maritime and cyber security

The UK and the EU have agreed to step up cooperation on cybersecurity as part of a wider defence and security pact.

The new framework, signed on 19 May, marks a major shift towards joint efforts in countering digital threats and hybrid warfare.

Instead of managing these challenges separately, the UK and EU will hold structured dialogues to address cyberattacks, disinformation campaigns, and other forms of foreign interference.

The deal outlines regular exchanges between national security officials, supported by thematic discussions focused on crisis response, infrastructure protection, and online misinformation.

A key aim is to boost resilience against hostile cyber activity by working together on detection, defence, and prevention strategies. The agreement encourages joint efforts to safeguard communication networks, protect energy grids, and strengthen public awareness against information manipulation.

The cooperation is expected to extend into coordinated drills and real-time threat sharing.

While the UK remains outside the EU’s political structure, the agreement positions it as a close cyber security partner.

Future plans include exploring deeper collaboration through EU defence projects and potentially forming a formal link with the European Defence Agency, ensuring that both sides can respond more effectively to emerging digital threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Taiwan rebuffs China’s hacking claims as disinformation

Taiwan has rejected accusations from Beijing that its ruling party orchestrated cyberattacks against Chinese infrastructure. Authorities in Taipei instead accused China of spreading false claims in an effort to manipulate public perception and escalate tensions.

On Tuesday, Chinese officials alleged that a Taiwan-backed hacker group linked to the Democratic Progressive Party (DPP) had targeted a technology firm in Guangzhou.

They claimed more than 1,000 networks, including systems tied to the military, energy, and government sectors, had been compromised across ten provinces in recent years.

Taiwan’s National Security Bureau responded on Wednesday, stating that the Chinese Communist Party is manipulating false information to mislead the international community.

Rather than acknowledging its own cyber activities, Beijing is attempting to shift blame while undermining Taiwan’s credibility, the agency said.

Taipei further accused China of long-running cyberattacks aimed at stealing funds and destabilising critical infrastructure. Officials described such campaigns as part of cognitive warfare designed to widen social divides and erode public trust within Taiwan.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Iranian hacker admits role in Baltimore ransomware attack

An Iranian man has pleaded guilty to charges stemming from a ransomware campaign that disrupted public services across several US cities, including a major 2019 attack in Baltimore.

The US Department of Justice announced that 37-year-old Sina Gholinejad admitted to computer fraud and conspiracy to commit wire fraud, offences that carry a maximum combined sentence of 30 years.

Rather than targeting private firms, Gholinejad and his accomplices deployed Robbinhood ransomware against local governments, hospitals and non-profit organisations from early 2019 to March 2024.

The attack on Baltimore alone resulted in over $19 million in damage and halted critical city functions such as water billing, property tax collection and parking enforcement.

Instead of simply locking data, the group demanded Bitcoin ransoms and occasionally threatened to release sensitive files. Cities including Greenville, Gresham and Yonkers were also affected.

Although no state affiliation has been confirmed, US officials have previously warned of cyber activity tied to Iran, allegations Tehran continues to deny.

Gholinejad was arrested at Raleigh-Durham International Airport in January 2025. The FBI led the investigation, with support from Bulgarian authorities. Sentencing is scheduled for August.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Decentralised AI could outgrow Bitcoin

Early blockchain adopters are now focusing on decentralised AI, with ecosystems like Bittensor (TAO) leading the way. These platforms allow ideas to gain support and funding from the community without relying on traditional venture capital.

Chris Miglino, CEO of DNA Fund, highlighted the firm’s AI compute fund, which has invested around $50 million in Bittensor’s ecosystem. The network’s unique subnets create specialised marketplaces for AI applications, attracting developers and miners alike.

Decentralised AI, which runs on distributed networks rather than central authorities, is DNA House’s main focus. Miglino believes it could become bigger than Bitcoin, reshaping society in profound ways.

DNA Fund supports developers to launch projects within the ecosystem without needing large venture capital investments. Decentralised AI is widely seen as the future, with pioneers like Ben Goertzel supporting it since the early 1990s.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Quantum computers might break Bitcoin security faster than thought

Google researchers have revealed that breaking RSA encryption—the technology securing crypto wallets—requires far fewer quantum resources than previously thought. The team found cracking 2048-bit RSA could take under a week using fewer than a million noisy qubits, 20 times less than previously estimated.

Currently, quantum computers like IBM’s Condor and Google’s Sycamore operate with far fewer qubits, so crypto assets remain safe for now. The significance lies in the rapid pace of improvement in quantum computing capabilities, which calls for increased vigilance.

The breakthrough stems from improved algorithms that speed up key calculations and smarter error correction methods. Researchers also enhanced ‘magic state cultivation,’ a technique that boosts quantum operation efficiency by reducing resource waste.

Bitcoin relies on elliptic curve cryptography, similar in principle to RSA. If quantum computers can crack RSA sooner, Bitcoin’s security timeline could be shortened.

Efforts like Project 11’s quantum Bitcoin bounty highlight ongoing research to test the threat’s urgency.

Quantum threats extend beyond crypto, affecting global secure communications, banking, and digital signatures. Google has begun encrypting more traffic with quantum-resistant protocols in preparation for this shift.

Despite rapid progress, challenges remain. Quantum computers must maintain stability and coherence for long periods to execute complex operations. Currently, this remains a major hurdle, so there is no immediate threat.

It seems likely the first quantum-resistant blockchain upgrades will arrive well before any quantum attack on Bitcoin’s network.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

German court allows Meta to use Facebook and Instagram data

A German court has ruled in favour of Meta, allowing the tech company to use data from Facebook and Instagram to train AI systems. A Cologne court ruled Meta had not breached the EU law and deemed its AI development a legitimate interest.

According to the court, Meta is permitted to process public user data without explicit consent. Judges argued that training AI systems could not be achieved by other equally effective and less intrusive methods.

They noted that Meta plans to use only publicly accessible data and had taken adequate steps to inform users via its mobile apps.

Despite the ruling, the North Rhine-Westphalia Consumer Advice Centre remains critical, raising concerns about legality and user privacy. Privacy group Noyb also challenged the decision, warning it could take further legal action, including a potential class-action lawsuit.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot