Privacy and data protection Archives | Page 2 of 284

Social engineering breach exposes 1.4 million Betterment customer records

Betterment has confirmed a data breach affecting around 1.4 million customers after a January 2026 social engineering attack on a third-party platform. Attackers used the access to send fraudulent crypto scam messages posing as official promotions.

The breach occurred after an employee was tricked into sharing login credentials, allowing unauthorised access to internal messaging systems rather than core investment infrastructure. Attackers used the access to send messages promising to multiply cryptocurrency deposits sent to external wallets.

Subsequent forensic analysis and breach monitoring services confirmed that more than 1.4 million unique records were exposed. Betterment said investment accounts and login credentials were not compromised during the incident.

Exposed information included names, email addresses, phone numbers, physical addresses, dates of birth, job titles, location data, and device metadata. Security experts warn that such datasets can enable targeted phishing, identity fraud, and follow-on social engineering campaigns.

Betterment revoked access the same day, notified customers, and launched an external investigation. The breach was formally added to public exposure databases in early February, highlighting the growing risk of human-focused attacks against financial platforms.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Dubai hosts launch of AI tools for university students

The UAE Ministry of Higher Education and Scientific Research has partnered with Microsoft to develop AI agents to help university students find jobs. The initiative was announced in Dubai during a major policy gathering in the UAE.

The collaboration in the UAE will use Microsoft Azure to build prototype AI agents supporting personalised learning and career navigation. Dubai-based officials said the tools are designed to align higher education with labour market needs in the UAE.

Four AI agents are being developed in the UAE, covering lifelong skills planning, personalised learning, course co creation and research alignment. Dubai remains central to the project as a hub for higher education innovation in the UAE.

Officials in the UAE said the partnership reflects national priorities around innovation and a knowledge based economy. Microsoft said Dubai offers an ideal environment to scale AI driven education tools across the UAE.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

User emails and phone numbers leaked in Substack security incident

Substack confirmed a data breach that exposed user email addresses and phone numbers. The company said passwords and financial information were not affected. The incident occurred in October and was later investigated.

Chief executive Chris Best told users the vulnerability was identified in February and has since been fixed, with an internal investigation now underway. The company has not disclosed the technical cause of the breach or why the intrusion went undetected for several months.

Substack also did not confirm how many users were affected or provide evidence showing whether the exposed data has been misused. Users were advised to remain cautious about unexpected emails and text messages following the incident.

The breach was first reported by TechCrunch, which said the company declined to provide further operational details. Questions remain around potential ransom demands or broader system access.

Substack reports more than 50 million active subscriptions, including 5 million paid users, and raised $100 million in Series C funding in 2025, led by BOND and The Chernin Group, with participation from Andreessen Horowitz and other investors.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

TikTok accused of breaching EU digital safety rules

The European Commission has concluded that TikTok’s design breaches the Digital Services Act by encouraging compulsive use and failing to protect users, particularly children and teenagers.

Preliminary findings say the platform relies heavily on features such as infinite scroll, which automatically delivers new videos and makes disengagement difficult.

Regulators argue that such mechanisms place users into habitual patterns of repeated viewing rather than supporting conscious choice. EU officials found that safeguards introduced by TikTok do not adequately reduce the risks linked to excessive screen time.

Daily screen time limits were described as ineffective because alerts are easy to dismiss, even for younger users who receive automatic restrictions. Parental control tools were also criticised for requiring significant effort, technical knowledge and ongoing involvement from parents.

Henna Virkkunen, the Commission’s executive vice-president for tech sovereignty, security and democracy, said addictive social media design can harm the development of young people. European law, she said, makes platforms responsible for the effects their services have on users.

Regulators concluded that compliance with the Digital Services Act would require TikTok to alter core elements of its product, including changes to infinite scroll, recommendation systems and screen break features.

TikTok rejected the findings, calling them inaccurate and saying the company would challenge the assessment. The platform argues that it already offers a range of tools, including sleep reminders and wellbeing features, to help users manage their time.

The investigation remains ongoing and no penalties have yet been imposed. A final decision could still result in enforcement measures, including fines of up to six per cent of TikTok’s global annual turnover.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Slovenia plans social media ban for children under 15

Among several countries lately, Slovenia is also moving towards banning access to social media platforms for children under the age of 15, as the government prepares draft legislation aimed at protecting minors online.

Deputy Prime Minister Matej Arčon said the Education Ministry initiated the proposal and would be developed with input from professionals.

The planned law would apply to major social networks where user-generated content is shared, including TikTok, Snapchat and Instagram. Arčon said the initiative reflects growing international concern over the impact of social media on children’s mental health, privacy and exposure to addictive design features.

Slovenia’s move follows similar debates and proposals across Europe and beyond. Countries such as Italy, France, Spain, UK, Greece and Austria have considered restrictions, while Australia has already introduced a nationwide minimum age for social media use.

Spain’s prime minister recently defended proposed limits, arguing that technology companies should not influence democratic decision-making.

Critics of such bans warn of potential unintended consequences. Telegram founder Pavel Durov has argued that age-based restrictions could lead to broader data collection and increased state control over online content.

Despite these concerns, Slovenia’s government appears determined to proceed, positioning the measure as part of a broader effort to strengthen child protection in the digital space.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU split widens over ban on AI nudification apps

European lawmakers remain divided over whether AI tools that generate non-consensual sexual images should face an explicit ban in the EU legislation.

The split emerged as debate intensified over the AI simplification package, which is moving through Parliament and the Council rather than remaining confined to earlier negotiations.

Concerns escalated after Grok was used to create images that digitally undressed women and children.

The EU regulators responded by launching an investigation under the Digital Services Act, and the Commission described the behaviour as illegal under existing European rules. Several lawmakers argue that the AI Act should name pornification apps directly instead of relying on broader legal provisions.

Lead MEPs did not include a ban in their initial draft of the Parliament’s position, prompting other groups to consider adding amendments. Negotiations continue as parties explore how such a restriction could be framed without creating inconsistencies within the broader AI framework.

The Commission appears open to strengthening the law and has hinted that the AI omnibus could be an appropriate moment to act. Lawmakers now have a limited time to decide whether an explicit prohibition can secure political agreement before the amendment deadline passes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Germany fines Amazon €59 million for abusing market power in seller pricing

The German competition authority has fined Amazon €59 million for abusing its dominant position by influencing the pricing behaviour of third-party sellers.

Regulators concluded that Amazon’s pricing algorithms and Fair Pricing Policy breached national digital dominance rules and the EU competition law, rather than aligning with fair marketplace standards.

The authority argued that Amazon competes directly with merchants on its platform while shaping their prices through restrictions such as caps that penalise sellers who exceed certain limits.

Officials described that approach as incompatible with healthy competition since a platform should not influence rivals’ commercial strategies while participating in the same market.

Amazon strongly disputed the ruling and claimed the conclusion conflicts with the EU consumer standards. The company argued that the decision forces the platform to promote prices that fail to reflect competitive market conditions and announced it will challenge the findings.

The case follows a 2025 preliminary assessment and builds on Amazon’s earlier designation in 2022 as a company of paramount significance for competition, a judgement upheld by the Federal Court of Justice in Germany in 2024.

A ruling that marks another step in Europe’s efforts to rein in digital platforms that wield extensive influence across multiple markets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Spain faces escalating battle with Telegram founder

The confrontation between Spain and Telegram founder Pavel Durov has intensified after he claimed that Pedro Sánchez endangered online freedoms.

Government officials responded that the tech executive spread lies rather than engage with the proposed rules in good faith. Sánchez argued that democracy would not be silenced by what he called the techno-oligarchs of the algorithm.

The dispute followed the unveiling of new measures aimed at major technology companies. The plan introduces a ban on social media use for under-16s and holds corporate leaders legally responsible when unlawful or hateful content remains online rather than being removed.

Platforms would also need to adopt age-verification tools such as ID checks or biometric systems, which Durov argued could turn Spain into a surveillance state by allowing large-scale data collection.

Tensions widened as Sánchez clashed with prominent US tech figures. Sumar urged all bodies linked to the central administration to leave X, a move that followed Elon Musk’s accusation that the Spanish leader was acting like a tyrant.

The row highlighted how Spain’s attempt to regulate digital platforms has placed its government in open conflict with influential technology executives.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TikTok access restored as Albania adopts new protective filters

Albania has l i fted its temporary ban on TikTok after nearly a year, the government announced, saying that concerns about public, social and digital safety have now been addressed and that access will resume nationwide.

The restriction was introduced in March 2025 following a fatal stabbing linked to a social media dispute and aimed to protect younger users instead of exposing them to harmful online content.

Under the new arrangement, authorities are partnering with TikTok to introduce protective filters based on keywords and content controls and to strengthen reporting mechanisms for harmful material.

The government described the decision as a shift from restrictive measures to a phase of active monitoring, inter-institutional cooperation, and shared responsibility with digital platforms.

Although the ban has now been lifted, a court challenge contends that the earlier suspension violated the constitutional right to freedom of expression, and a ruling is expected later in February. Opposition figures also criticised the original ban when it was applied ahead of parliamentary elections.

Despite the formal ban, TikTok remained accessible to many users in Albania through virtual private networks during the year it was in force, highlighting the challenge of enforcing such blocks in practice.

Critics have also noted that addressing the impact on youth may require broader digital education and safety measures.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Claude AI will remain ad-free to preserve user trust and deep reasoning

Anthropic’s official announcement emphasises that Claude will not carry advertising or ad-influenced content within conversations, positioning the AI assistant as a trusted and distraction-free ‘space to think’ for tasks ranging from deep thinking and research to work and personal problem-solving.

The company argues that AI interactions differ fundamentally from search or social media, as users often share context-rich, sensitive information where commercial incentives could conflict with genuinely helpful responses.

In the post, Anthropic explains that while ads have a clear place in many digital products, introducing them into conversational AI would compromise usefulness and trust.

Instead, the company plans to generate revenue through enterprise contracts and paid subscriptions, continuing to invest in product improvements, integrations with third-party tools (e.g., Figma, Asana), and broader access initiatives, all without monetising attention or engagement directly.

The statement also notes that Claude’s conversation data is kept private and anonymous, and that ads could skew model incentives toward engagement metrics rather than solving user problems effectively.

Anthropic positions this approach as central to preserving Claude’s role as a dedicated thinking and productivity assistant.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!