From Silicon Valley to Seoul, Paris, and finally Abuja; digital convenience and cyber risk continue to clash leading to tech updates, ransomware, regulatory crackdowns, and data breaches.
Let's have a closer look.
Google Begins Rollout Allowing Users to Change Gmail addresses
Google has announced a long-anticipated update that will allow users to change their @gmail.com email addresses without losing their accounts. The feature, now rolling out gradually, enables account holders to replace old or unwanted email names while retaining the same Google profile.
The company indicated that the update may not yet be available to all users. Once activated, individuals can select a new Gmail address, while the original address remains active as an alias rather than being deleted. Messages sent to both addresses will continue to arrive in the same inbox.
Google clarified that all existing data, including emails, photos, documents, and subscriptions, will remain intact. Users will also be able to sign in using either address across services such as Gmail, Drive, YouTube, and Maps.
But restrictions do apply. Address changes are limited to once every 12 months, and the newly selected email cannot be removed. However, users retain the option to revert to their original address if needed.
Kyowon Reports Data Theft Following Ransomware Attack
South Korean conglomerate Kyowon has revealed that customer data was taken during a ransomware attack that disrupted operations earlier this month. The group became aware of the incident after experiencing service outages, which triggered an internal review and notification to national cybersecurity authorities.
In a public update, Kyowon disclosed that the attack occurred in January and involved unauthorized system access followed by data exfiltration. Mainstream media reports suggest that as many as 9.6 million registered accounts, linked to roughly 5.5 million individuals, may be affected. Further reporting indicated that approximately 600 of the company’s 800 servers were impacted.
While Kyowon has verified that an external data leak occurred, investigations are still ongoing to determine whether customer information was included.
Service restoration is reportedly nearing completion, and no ransomware group has claimed responsibility so far. The incident adds to a growing wave of cyberattacks targeting major South Korean organizations.
France Fines Free Mobile €42 million Over Major Data Breach
France’s data protection authority, the CNIL has imposed cumulative fines of €42 million on Free Mobile and its parent company, Iliad, following a major breach recorded in October 2024. The incident exposed data linked to nearly 23 million mobile and fixed-line subscribers.
Authorities outlined that attackers gained access through an internal management tool, enabling the extraction of customer data that was later offered for sale on a hacker forum. The seller claimed the breach affected over 19 million users and included IBAN details for a significant subset.
Following more than 2,500 complaints, regulators concluded that the companies breached several GDPR obligations. Identified failures included weak employee VPN controls, poor detection of suspicious activity, inadequate communication with affected users, and excessive data retention.
Both companies were instructed to complete outstanding security upgrades within three months, while Free Mobile must also delete unnecessary customer data within six months.
Monroe University Breach Impacts Over 320,000 People
Monroe University has disclosed that a December 2024 cyberattack resulted in the exposure of sensitive data. The institution operates campuses in New York and Saint Lucia.
An internal review identified approximately two weeks of persistent network access. The compromised files contained varying combinations of personal, financial, medical, and student-related information.
Regulatory filings confirmed that 320,973 individuals were affected. Notification letters were issued from January 2, alongside an offer of one year of complimentary credit monitoring and identity protection services.
The breach adds to a growing number of cyber incidents affecting U.S. universities over the past year.
Central Maine Healthcare Breach Affects 145,381 Patients
Central Maine Healthcare has disclosed that unauthorized access to its IT systems exposed sensitive data belonging to more than 145,381 patients. The intrusion was detected in June 2025 following unusual network activity.
Investigators later established that the breach spanned several months, from March to June. Exposed data included patient identifiers, treatment details, insurance records, and Social Security numbers.
Patient notifications were issued in phases as the scope became clearer. The organization has since strengthened monitoring systems and is offering credit and identity protection services.
Nigeria Moves Closer to Binding AI Regulation
Nigeria is positioning itself at the centre of Africa’s technology regulation debate as lawmakers advance a comprehensive artificial intelligence bill. The National Digital Economy and E-Governance Bill aims to introduce enforceable rules governing how AI systems are developed and deployed.
If enacted, the law would shift Nigeria from voluntary guidance to binding oversight, especially for high-risk AI applications in finance, public administration, and automated decision-making.
Developers would be required to submit impact assessments, while regulators would gain powers to issue compliance orders or suspend unsafe systems.
Penalties could reach ₦10 million or up to 2% of local revenue. Regulatory sandboxes are also proposed to allow innovation under supervision, signalling an attempt to balance growth with accountability.
That’s all we have for you for now. To stay abreast of security and AI news, join our newsletter.
And for a detailed look at how AI is transforming threats and defences, download our 2025 Threat Intelligence Report.