Privacy and data protection

Cybercrime surge hits airlines across North America

According to the FBI and cybersecurity experts, a well-known cybercrime group has launched fresh attacks on the airline industry, successfully breaching the networks of several airlines in the US and Canada.

The hackers, identified as ‘Scattered Spider’, are known for aggressive extortion tactics and are now shifting their focus to aviation instead of insurance or retail, their previous targets.

Airline security teams remain on high alert despite no flights or operations being disrupted. Hawaiian Airlines and Canada’s WestJet have acknowledged recent cyber incidents, while sources suggest more affected companies may step forward soon.

Both airlines reported no impact on day-to-day services, likely due to solid internal defences and continuity planning.

The attackers often exploit help desks by impersonating employees or customers to access corporate systems. Experts warn that airline call centres are especially vulnerable, given their importance to customer support.

Cybersecurity firms, including Mandiant, are now supporting the response and advising firms to reinforce these high-risk entry points.

Scattered Spider has previously breached major casinos, insurance, and retail companies. The FBI confirmed it is working with aviation partners to contain the threat and assist victims.

Industry leaders remain alert, noting that airlines, IT contractors, and vendors across the aviation sector are at risk from the escalating threat.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hacktivist attacks surge in Iran–Israel tensions

The Iran–Israel conflict has now expanded into cyberspace, with rival hacker groups launching waves of politically driven attacks.

Following Israel’s military operation against Iran, pro-Israeli hackers known as ‘Predatory Sparrow‘ struck Iran’s Sepah Bank, deleting data and causing significant service disruption.

A day later, the same group targeted Nobitex, Iran’s largest crypto exchange, stealing and destroying over $90 million in assets.

Cyber attacks intensified in the days before and after Israeli strikes. According to NSFOCUS, cyberattacks on Iran peaked three days before the military operation, suggesting pre-attack reconnaissance.

In retaliation, pro-Iranian hackers escalated attacks on Israel on 16 June, focusing on government systems, aerospace, and education.

While attacks on Iran have been fewer, Israeli systems have faced over 1,300 attacks in 2025 alone, with 37% of all global hacktivist activity aimed at Israel since the conflict began.

However, analysts note these attacks have been high in volume but limited in impact. Their malware tactics involve evading antivirus software, deleting data, and turning off recovery systems.

NSFOCUS warns that geopolitical tensions are turning hacktivist groups into informal cyber proxies. Though not formally state-backed, these loosely organised actors align closely with national interests.

As traditional defences lag, cybersecurity experts argue that national infrastructure must adopt more strategic, coordinated defence measures instead of fragmented responses, especially during crises and conflicts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google Doppl, the new AI app, turns outfit photos into try-on videos

Google has unveiled Doppl, a new AI-powered app that lets users create short videos of themselves wearing any outfit they choose.

Instead of relying on imagination or guesswork, Doppl allows people to upload full-body photos and apply outfits seen on social media, thrift shops, or friends, creating animated try-ons that bring static images to life.

The app builds on Google’s earlier virtual try-on tools integrated with its Shopping Graph. Doppl pushes things further by transforming still photos into motion videos, showing how clothes flow and fit in movement.

Users can upload their full-body image or choose an AI model to preview outfits. However, Google warns that the fit and details might not always be accurate at an early stage.

Doppl is currently only available in the US for Android and iOS users aged 18 or older. While Google encourages sharing videos with friends and followers, the tool raises concerns about misuse, such as generating content using photos of others.

Google’s policy requires disclosure if someone impersonates another person, but the company admits that some abuse may occur. To address the issue, Doppl content will include invisible watermarks for tracking.

In its privacy notice, Google confirmed that user uploads and generated videos will be used to improve AI technologies and services. However, data will be anonymised and separated from user accounts before any human review is allowed.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Path forward for global digital cooperation debated at IGF 2025

At the 20th Internet Governance Forum (IGF) in Lillestrøm, Norway, policymakers, civil society, and digital stakeholders gathered to chart the future of global internet governance through the WSIS+20 review. With a high-level UN General Assembly meeting scheduled for December, co-facilitators from Kenya and Albania emphasised the need to update the World Summit on the Information Society (WSIS) framework while preserving its original, people-centred vision.

They underscored the importance of inclusive consultations, highlighting a new multistakeholder sounding board and upcoming joint sessions to enhance dialogue between governments and broader communities. The conversation revolved around the evolving digital landscape and how WSIS can adapt to emerging technologies like AI, data governance, and digital public infrastructure.

While some participants favoured WSIS as the primary global framework, others advocated for closer synergy with the Global Digital Compact (GDC), stressing the importance of coordination to avoid institutional duplication. Despite varied views, there was widespread consensus that the existing WSIS action lines, being technology-neutral, can remain relevant by accommodating new innovations.

Speakers from the government, private sector, and civil society reiterated the call to permanently secure the IGF’s mandate, praising its unique ability to foster open, inclusive dialogue without the pressure of binding negotiations. They pointed to IGF’s historical success in boosting internet connectivity and called for more tangible outputs to influence policymaking.

National-level participation, especially from developing countries, women, youth, and marginalised communities, was identified as crucial for meaningful engagement.

The session ended on a hopeful note, with participants expressing a shared commitment to a more inclusive and equitable digital future. As the December deadline looms, the global community faces the task of turning shared principles into concrete action, ensuring digital governance mechanisms remain cooperative, adaptable, and genuinely representative of all voices.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

Digital rights under threat: Global majority communities call for inclusive solutions at IGF 2025

At the Internet Governance Forum 2025 in Lillestrøm, Norway, a pivotal session hosted by Oxfam’s RECIPE Project shed light on the escalating digital rights challenges facing communities across the Global majority. Representatives from Vietnam, Bolivia, Cambodia, Somalia, and Palestine presented sobering findings based on research with over 1,000 respondents across nine countries.

Despite the diversity of regions, speakers echoed similar concerns: digital literacy is dangerously low, access to safe and inclusive online spaces remains unequal, and legal protections for digital rights are often absent or underdeveloped.

The human cost of digital inequality was made clear from Bolivia to Palestine. In Bolivia, over three-quarters of respondents had experienced digital security incidents, and many reported targeted violence linked to their roles as human rights defenders.

In Somalia, where internet penetration is high, only a fraction understands how to protect their personal data. Palestine, meanwhile, faces systematic digital discrimination, marked by unequal infrastructure access and advanced surveillance technologies used against its population, exacerbated by ongoing occupation and political instability.

Yet amidst these challenges, the forum underscored a strong sense of resilience and innovation. Civil society organisations from Cambodia and Bolivia showcased bottom-up approaches, such as peer-led digital security training and feminist digital safety networks, which help communities protect themselves and influence policy.

Vietnam emphasised the need for genuine participation in policymaking, rather than formalistic consultations, as a path to more equitable digital governance. The session concluded with a shared call to action: digital governance must prioritise human rights and meaningful participation from the ground up.

Speakers and audience members highlighted the urgent need for multistakeholder cooperation—spanning civil society, government, and the tech industry—to counter misinformation and protect freedom of expression, especially in the face of expanding surveillance and online harm. As one participant from Zambia noted, digital safety must not come at the expense of digital freedom; the two must evolve together.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

Hawaiian Airlines confirms flights are safe despite cyberattack

Hawaiian Airlines has reported a cyberattack that affected parts of its IT infrastructure, though the carrier confirmed all flights remain unaffected and are operating as scheduled.

Now part of the Alaska Air Group, the airline stated it is actively working with authorities and cybersecurity experts to investigate and resolve the incident.

In a statement, the airline stressed that the safety and security of passengers and staff remain its highest priority. It has taken steps to protect its systems, restoring affected services while continuing full operations. No disruption to passenger travel has been reported.

The exact nature of the attack has not been disclosed, and no group has claimed responsibility so far. The Federal Aviation Administration (FAA) confirmed it monitors the situation closely and remains in contact with the airline. It added that there has been no impact on flight safety.

Cyberattacks in aviation are becoming increasingly common due to the sector’s heavy reliance on complex digital systems. Earlier incidents this year included cyberattacks on WestJet and Japan Airlines, which caused operational disruptions but did not compromise passenger data.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Le Chat leads AI privacy ranking report

A new report has revealed that Le Chat from Mistral AI is the most privacy-respecting generative AI, with ChatGPT and Grok close behind. The study by Incogni assessed nine popular services against 11 criteria covering data use, sharing and transparency.

Meta AI came last, flagged for poor privacy practices and extensive data sharing. According to the findings, Gemini and Copilot also performed poorly in protecting user privacy.

Incogni highlighted that several services, including ChatGPT and Grok, allow users to stop their data from being used for training. However, other providers like Meta AI, Pi AI and Gemini offered no clear way to opt-out.

The report warned that AI firms often share data with service providers, affiliates, researchers and law enforcement. Clear, readable privacy policies and opt-out tools were key for building trust.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

BT report shows rise in cyber attacks on UK small firms

A BT report has found that 42% of small businesses in the UK suffered a cyberattack in the past year. The study also revealed that 67% of medium-sized firms were targeted, while many lacked basic security measures or staff training.

Phishing was named the most common threat, hitting 85% of businesses in the UK, and ransomware incidents have more than doubled. BT’s new training programme aims to help SMEs take practical steps to reduce risks, covering topics like AI threats, account takeovers and QR code scams.

Tris Morgan from BT highlighted that SMEs face serious risks from cyber attacks, which could threaten their survival. He stressed that security is a necessary foundation and can be achieved without vast resources.

The report follows wider warnings on AI-enabled cyber threats, with other studies showing that few firms feel prepared for these risks. BT’s training is part of its mission to help businesses grow confidently despite digital dangers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Internet Governance Forum marks 20 years of reshaping global digital policy

The 2025 Internet Governance Forum (IGF), held in Norway, offered a deep and wide-ranging reflection on the IGF’s 20-year journey in shaping digital governance and its prospects for the future.

Bringing together voices from governments, civil society, the technical community, business, and academia, the session celebrated the IGF’s unique role in institutionalising a multistakeholder approach to internet policymaking, particularly through inclusive and non-binding dialogue.

Moderated by Avri Doria, who has been with the IGF since its inception, the session focused on how the forum has influenced individuals, governments, and institutions across the globe. Doria described the IGF as a critical learning platform and a ‘home for evolving objectives’ that has helped connect people with vastly different viewpoints over the decades.

Professor Bitange Ndemo, Ambassador of Kenya to the European Union, reflected on his early scepticism, admitting that stakeholder consultation initially felt ‘painful’ for policymakers unfamiliar with collaborative approaches.

Over time, however, it proved ‘much, much easier’ for implementation and policy acceptance. ‘Thank God it went the IGF way,’ he said, emphasising how early IGF discussions guided Kenya and much of Africa in building digital infrastructure from the ground up.

Hans Petter Holen, Managing Director of RIPE NCC, underlined the importance of the IGF as a space where ‘technical realities meet policy aspirations’. He called for a permanent IGF mandate, stressing that uncertainty over its future limits its ability to shape digital governance effectively.

Renata Mielli, Chair of the Internet Steering Committee of Brazil (CGI.br), spoke about how IGF-inspired dialogue was key to shaping Brazil’s Internet Civil Rights Framework and Data Protection Law. ‘We are not talking about an event or a body, but an ecosystem,’ she said, advocating for the IGF to become the focal point for implementing the UN Global Digital Compact.

Funke Opeke, founder of MainOne in Nigeria, credited the IGF with helping drive West Africa’s digital transformation. ‘When we launched our submarine cable in 2010, penetration was close to 10%. Now it’s near 50%,’ she noted, urging continued support for inclusion and access in the Global South.

Qusai Al Shatti, from the Arab IGF, highlighted how the forum helped embed multistakeholder dialogue into governance across the Arab world, calling the IGF ‘the most successful outcome of WSIS‘.

From the civil society perspective, Chat Garcia Ramilo of the Association for Progressive Communications (APC) described the IGF as a platform to listen deeply, to speak, and, more importantly, to act’. She stressed the forum’s role in amplifying marginalised voices and pushing human rights and gender issues to the forefront of global internet policy.

Luca Belli of FGV Law School in Brazil echoed the need for better visibility of the IGF’s successes. Despite running four dynamic coalitions, he expressed frustration that many contributions go unnoticed. ‘We’re not good at celebrating success,’ he remarked.

Isabelle Lois, Vice Chair of the UN Commission on Science and Technology for Development (CSTD), emphasised the need to ‘connect the IGF to the wider WSIS architecture’ and ensure its outcomes influence broader UN digital frameworks.

Other voices joined online and from the floor, including Dr Robinson Sibbe of Digital Footprints Nigeria, who praised the IGF for contextualising cybersecurity challenges, and Emily Taylor, a UK researcher, who noted that the IGF had helped lay the groundwork for key initiatives like the IANA transition and the proliferation of internet exchange points across Africa.

Youth participants like Jasmine Maffei from Hong Kong and Piu from Myanmar stressed the IGF’s openness and accessibility. They called for their voices to be formally recognised within the multistakeholder model.

Veteran internet governance leader Markus Kummer reminded the room that the IGF’s ability to build trust and foster dialogue across divides enabled global cooperation during crucial events like the IANA transition.

Despite the celebratory tone, speakers repeatedly stressed three urgent needs: a permanent IGF mandate, stronger integration with global digital governance efforts such as the WSIS and Global Digital Compact, and broader inclusion of youth and underrepresented regions.

As the forum entered its third decade, many speakers agreed that the IGF’s legacy lies in its meetings or declarations and the relationships, trust, and governance culture it has helped create. The message from Norway was clear: in a fragmented and rapidly changing digital world, the IGF is more vital than ever—and its future must be secured.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

Children safety online in 2025: Global leaders demand stronger rules

At the 20th Internet Governance Forum in Lillestrøm, Norway, global leaders, technology firms, and child rights advocates gathered to address the growing risks children face from algorithm-driven digital platforms.

The high-level session, Ensuring Child Security in the Age of Algorithms, explored the impact of engagement-based algorithmic systems on children’s mental health, cultural identity, and digital well-being.

Shivanee Thapa, Senior News Editor at Nepal Television and moderator of the session, opened with a personal note on the urgency of the issue, calling it ‘too urgent, too complex, and too personal.’

She outlined the session’s three focus areas: identifying algorithmic risks, reimagining child-centred digital systems, and defining accountability for all stakeholders.

Crowd, Person, Audience, Electrical Device, Microphone, Podium, Speech, People

Leanda Barrington-Leach, Executive Director of the Five Rights Foundation, delivered a powerful opening, sharing alarming data: ‘Half of children feel addicted to the internet, and more than three-quarters encounter disturbing content.’

She criticised tech platforms for prioritising engagement and profit over child safety, warning that children can stumble from harmless searches to harmful content in a matter of clicks.

‘The digital world is 100% human-engineered. It can be optimised for good just as easily as for bad,’ she said.

Norway is pushing for age limits on social media and implementing phone bans in classrooms, according to Minister of Digitalisation and Public Governance Karianne Tung.

‘Children are not commodities,’ she said. ‘We must build platforms that respect their rights and wellbeing.’

Salima Bah, Sierra Leone’s Minister of Science, Technology, and Innovation, raised concerns about cultural erasure in algorithmic design. ‘These systems often fail to reflect African identities and values,’ she warned, noting that a significant portion of internet traffic in Sierra Leone flows through TikTok.

Bah emphasised the need for inclusive regulation that works for regions with different digital access levels.

From the European Commission, Thibaut Kleiner, Director for Future Networks at DG Connect, pointed to the Digital Services Act as a robust regulatory model.

He challenged the assumption of children as ‘digital natives’ and called for stronger age verification systems. ‘Children use apps but often don’t understand how they work — this makes them especially vulnerable,’ he said.

Representatives from major platforms described their approaches to online safety. Christine Grahn, Head of Public Policy at TikTok Europe, emphasised safety-by-design features such as private default settings for minors and the Global Youth Council.

‘We show up, we listen, and we act,’ she stated, describing TikTok’s ban on beauty filters that alter appearance as a response to youth feedback.

Emily Yu, Policy Senior Director at Roblox, discussed the platform’s Trust by Design programme and its global teen council.

‘We aim to innovate while keeping safety and privacy at the core,’ she said, noting that Roblox emphasises discoverability over personalised content for young users.

Thomas Davin, Director of Innovation at UNICEF, underscored the long-term health and societal costs of algorithmic harm, describing it as a public health crisis.

‘We are at risk of losing the concept of truth itself. Children increasingly believe what algorithms feed them,’ he warned, stressing the need for more research on screen time’s effect on neurodevelopment.

The panel agreed that protecting children online requires more than regulation alone. Co-regulation, international cooperation, and inclusion of children’s voices were cited as essential.

Davin called for partnerships that enable companies to innovate responsibly. At the same time, Grahn described a successful campaign in Sweden to help teens avoid criminal exploitation through cross-sector collaboration.

Tung concluded with a rallying message: ‘Looking back 10 or 20 years from now, I want to know I stood on the children’s side.’

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.