Privacy and data protection

Coinbase security breach linked to India contractor

Coinbase is under scrutiny after revealing a data breach tied to its contractor TaskUs. The incident reportedly involved insider misconduct at a support centre in India.

Though the breach was disclosed in May, insiders say Coinbase had knowledge of the issue as early as January.

The incident was traced to a TaskUs agent who allegedly photographed customer data and sold it to hackers. TaskUs fired two staff, saying the breach seemed part of a broader campaign targeting several Coinbase service providers.

Operations in Indore were suspended, impacting 226 staff, most of whom received severance.

Hackers accessed names, addresses, masked banking data, and ID documents, but no funds or passwords were compromised. On 11 May, Coinbase received a $20 million ransom demand.

CEO Brian Armstrong rejected the threat and instead offered a $20 million reward for information leading to the attackers’ arrest.

The breach, which affected under 1% of users, has triggered a shareholder lawsuit accusing Coinbase of failing to disclose the incident promptly.

Although its stock dipped 7% after the news, it has since recovered, supported by the company’s recent inclusion in the S&P 500 index.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cyber attack hits Lee Enterprises staff data

Thousands of current and former employees at Lee Enterprises have had their data exposed following a cyberattack earlier this year.

Hackers accessed to the company’s systems in early February, compromising sensitive information such as names and Social Security numbers before the breach was contained the same day.

Although the media firm, which operates over 70 newspapers across 26 US states, swiftly secured its networks, a three-month investigation involving external cybersecurity experts revealed that attackers accessed databases containing employee details.

The breach potentially affects around 40,000 individuals — far more than the company’s 4,500 current staff — indicating that past employees were also impacted.

The stolen data could be used for identity theft, fraud or phishing attempts. Criminals may even impersonate affected employees to infiltrate deeper into company systems and extract more valuable information.

Lee Enterprises has notified those impacted and filed relevant disclosures with authorities, including the Maine Attorney General’s Office.

Headquartered in Iowa, Lee Enterprises draws over 200 million monthly online page views and generated over $611 million in revenue in 2024. The incident underscores the ongoing vulnerability of media organisations to cyber threats, especially when personal employee data is involved.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Vodafone fined €45 million in Germany over data privacy violations

German data protection authorities have imposed a €45 million ($51.2 million) fine on Vodafone for what they described as serious data privacy breaches involving both third-party sales practices and weak digital security systems. The Federal Commissioner for Data Protection (BfDI) cited ‘malicious behaviour’ by partner agencies and security flaws that allowed unauthorised access to customer accounts.

Investigators found that some of Vodafone’s partner agencies engaged in fraudulent conduct, including altering or forging contracts to the detriment of customers. Vodafone was fined €15 million for failing to properly supervise these partners, as required by the European Union’s General Data Protection Regulation (GDPR).

Additionally, a €30 million fine was levied due to vulnerabilities in Vodafone’s customer authentication systems, which potentially allowed outsiders to access sensitive services like eSIM profiles. Vodafone has acknowledged the issues, attributing them to inadequate data protection checks at the time.

The company expressed regret for the impact on customers and emphasized that under new management, it has overhauled its data protection protocols to prevent future breaches.

Louisa Specht-Riemenschneider, Germany’s federal data protection commissioner, underscored the importance of data security, stating that user trust in digital services depends on strong safeguards. She added that proper compliance can even be a competitive advantage, as EU regulators continue to crack down on companies that violate GDPR standards.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Eminem sues Meta over copyright violations

Eminem has filed a major lawsuit against Meta, accusing the tech giant of knowingly enabling widespread copyright infringement across its platforms. The rapper’s publishing company, Eight Mile Style, is seeking £80.6 million in damages, claiming 243 of his songs were used without authorisation.

The lawsuit argues that Meta, which owns Facebook, Instagram and WhatsApp, allowed tools such as Original Audio and Reels to encourage unauthorised reproduction and use of Eminem’s music.

The filing claims it occurred without proper licensing or attribution, significantly diminishing the value of his copyrights.

Eminem’s legal team contends that Meta profited from the infringement instead of ensuring his works were protected. If a settlement cannot be reached, the artist is demanding the maximum statutory damages — $150,000 per song — which would amount to over $109 million.

Meta has faced similar lawsuits before, including a high-profile case in 2022 brought by Epidemic Sound, which alleged the unauthorised use of thousands of its tracks. The latest claim adds to growing pressure on social media platforms to address copyright violations more effectively.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber attacks and ransomware rise globally in early 2025

Cyber attacks have surged by 47% globally in the first quarter of 2025, with organisations facing an average of 1,925 attacks each week.

Check Point Software, a cybersecurity firm, warns that attackers are growing more sophisticated and persistent, targeting critical sectors like healthcare, finance, and technology with increasing intensity.

Ransomware activity alone has soared by 126% compared to last year. Attackers are no longer just encrypting files but now also threaten to leak sensitive data unless paid — a tactic known as dual extortion.

Instead of operating as large, centralised gangs, modern ransomware groups are smaller and more agile, often coordinating through dark web forums, making them harder to trace.

The report also notes that cybercriminals are using AI to automate phishing attacks and scan systems for vulnerabilities, allowing them to strike with greater accuracy. Emerging markets remain particularly vulnerable, as they often lack advanced cybersecurity infrastructure.

Check Point urges companies to act decisively by adopting proactive security measures, investing in threat detection and employee training, and implementing real-time monitoring. Waiting for an attack instead of preparing in advance could leave organisations dangerously exposed.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Sam Altman says AI will soon solve complex business problems

OpenAI CEO Sam Altman believes AI is on the verge of helping humans make genuine discoveries and solve complex business problems.

Speaking at the Snowflake Summit 2025, Altman likened today’s AI agents to junior employees, saying they increasingly take on tasks and improve through iteration.

He predicted that by next year, AI agents could contribute to uncovering new knowledge and providing non-trivial business solutions.

His comments come amid a growing shift in the labour market, with firms like Shopify and Duolingo replacing human roles with AI systems to cut costs and increase efficiency.

Recent data shows a 19% drop in AI-performable tasks in online job postings over the last three years. Roles in IT and database administration have seen hiring reductions of over 30%, highlighting how AI is actively reshaping employment.

Altman also highlighted OpenAI’s latest tools, such as Codex and GPT-4.5, designed to handle increasingly sophisticated tasks like coding and software integration.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google’s AI Edge Gallery boosts privacy with on-device model use

Google has released an experimental app called AI Edge Gallery, allowing Android users to run AI models directly on their devices without needing an internet connection.

The app supports several publicly available models from Hugging Face, including Google’s own lightweight Gemma 3n, and offers tools for image generation, Q&A, and code assistance.

The key feature of the app is its local processing capability, which means data never leaves the user’s device.

This addresses rising concerns over privacy and data security, particularly when interacting with AI tools. By running models locally, users benefit from faster response times and greater control over their data.

AI Edge Gallery includes features such as ‘AI Chat,’ ‘Ask Image,’ and a ‘Prompt Lab,’ where users can experiment with tasks like text summarisation and single-turn AI interactions.

While the app is optimised for lighter models like Gemma 3—just 529MB in size—Google notes that performance will depend on the hardware of the user’s device, with more powerful phones delivering faster results.

Currently in Alpha, the app is open-source and available under the Apache 2.0 licence via GitHub, encouraging developers to explore and contribute. Google is also inviting feedback to shape future updates and improvements.

To enhance app security, especially as AI features become more embedded in mobile experiences, Google suggests integrating secure, passwordless login methods.

Solutions like MojoAuth—offering OTP-based logins via phone or email—can reduce risks of data breaches while offering a smooth, user-friendly authentication process.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Agentic Intelligence set to automate complex tasks with human oversight

Thomson Reuters has unveiled a new AI platform, Agentic Intelligence, designed to automate complex workflows for professionals in tax, legal, and compliance sectors.

The platform integrates directly with existing professional tools, enabling AI to plan, reason, and act on tasks while maintaining audit trails and data control to meet regulatory standards.

A key component of the launch is CoCounsel for Tax, a tool aimed at tax, audit, and accounting professionals. It consolidates firm-specific data, internal knowledge, and regulatory materials into a unified workspace.

Early adopters have reported significant productivity gains, with one accounting firm, BLISS 1041, cutting time spent on residency and filing code reviews from several days to under an hour.

Agentic Intelligence leverages over 20 billion proprietary and public documents and is supported by a network of 4,500 subject matter experts.

Built on partnerships with OpenAI, Anthropic, Google Cloud, and AWS, the platform reflects Thomson Reuters’ strategic shift towards embedding AI across sectors traditionally dependent on manual expertise.

David Wong, chief product officer at Thomson Reuters, said the new platform represents more than a technological upgrade. ‘Agentic AI isn’t a marketing buzzword. It’s a new blueprint for how complex work gets done,’ he said.

‘These systems don’t just assist — they operate within professional workflows, break down tasks, act independently, and escalate where needed, all under human oversight.’

Following CoCounsel for Tax, the next product — Ready to Review — will focus on automating tax return preparation.

The platform is expected to expand into legal, compliance, and risk sectors throughout 2025, building on previous acquisitions such as Materia and Casetext, which have helped lay the foundation for Thomson Reuters’ AI-centric growth strategy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Australia tightens rules for crypto ATMs

Australia has imposed stricter rules on crypto ATM operators to curb scams and ensure compliance with anti-money laundering laws. A $5,000 AUD limit now applies to cash deposits and withdrawals, with scam warnings required on all machines.

Operators must also step up customer verification and improve transaction monitoring. These measures follow an AUSTRAC-led investigation that revealed older Australians, particularly those aged 60 to 70, account for a large share of crypto ATM activity.

Authorities noted that some victims were tricked into handing over life savings via these machines.

AUSTRAC has already denied registration renewal to one provider, Harro’s Empires, due to ongoing misuse risks.

The agency warned that other non-compliant operators could face similar penalties. It also urged broader adoption of cash limits across exchanges to reduce financial crime exposure.

To strengthen awareness, AUSTRAC and the federal police have released educational materials to be displayed near ATMs. The move comes amid rising scam reports, with 150 confirmed cases and over $3.1 million AUD in losses reported within a year.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

TikTok bans ‘SkinnyTok’ hashtag worldwide

TikTok has globally banned the hashtag ‘SkinnyTok’ after pressure from the French government, which accused the platform of promoting harmful eating habits among young users. The decision comes as part of the platform’s broader effort to improve user safety, particularly around content linked to unhealthy weight loss practices.

The move was hailed as a win by France’s Digital Minister, Clara Chappaz, who led the charge and called it a ‘first collective victory.’ She, along with other top French digital and data protection officials, travelled to Dublin to engage directly with TikTok’s Trust and Safety team. Notably, no representatives from the European Commission were present during these discussions, raising questions about the EU’s role and influence in enforcing digital regulations.

While the European Commission had already opened a broader investigation into TikTok over child protection issues in early 2024 under the Digital Services Act (DSA), it has yet to comment on the SkinnyTok case specifically. Despite this, the Commission says it is still coordinating with French authorities on matters related to DSA enforcement.

The episode has spotlighted national governments’ power in pushing for online safety reforms and the uncertain role of the EU institutions in urgent digital policy actions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!