2025 in Review: The Year Privacy Got Real

For a long time, privacy felt theoretical, technical, like something you worried about after a breach, after a scam, after your information ended up somewhere it shouldn’t. That illusion was crushed this year, a catastrophe reviewed in this week’s episode of “What the Hack?”

Our focus is cybercrime, cybersecurity and the ways personal data moves through the world. Per usual, the stories we covered showed up in real lives with real consequences, but something changed this year. The stakes seemed higher as the divide between online exposure and real-world harm increasingly disappeared.

When Technology Outpaces the Rules

First up in this review, Ben Winters, Director of AI and Privacy at the Consumer Federation of America. We talked about the gap between AI’s promises and how these systems actually function.

The focus wasn’t on generative AI hype but something older and more dangerous: algorithmic systems fueled by personal data, operating with minimal oversight so that location data, purchase histories, browsing behavior, and a lot more enter systems where we have little or no visibility—primary uses quietly become secondary uses, secondary uses change the primary source enough to make it disappear into the haze of IP and private, sometimes sensitive data turned AI “genetic” material.

In most U.S. states, there are still few meaningful restrictions on how personal data is collected, sold, reused, or combined. When data moves faster than accountability, people get hurt, and we talked about that. Very much worth a listen.

Remote Work as a Back Door

One of the most unsettling stories this year came by way of Fortune’s West Coast editor Amanda Gerut’s reporting on the North Korean IT worker scam.

First thing to know: This is widespread. That’s scary because was appears to be ordinary remote hiring involves stolen U.S. identities, company-issued laptops shipped to American homes hosting illicit laptop farms, salaries quietly routed through payment apps and crypto back to North Korea. According to the UN, the operation generates up to $600 million annually, funding nuclear weapons programs through legitimate employment.

This wasn’t a technology failure but a failure of identity verification, data hygiene, and trust. The personal information we leave exposed can be weaponized at national scale, and the real-world consequences could be literally nuclear-level bad.

The Industrialization of Scams

In “Jackals of Trust,” cybersecurity researcher Gary Warner showed us how organized the scamscape has become. Nigerian campus cults—criminal confraternities—operate global scam networks like businesses, running romance scams and business email compromise operations with scripted conversations shared in Telegram channels.

Victims aren’t random, they’re profiled. Their personal details—names, job titles, email addresses, family members—are the raw material. Data brokers, breaches, and oversharing feed the machine. This isn’t petty fraud, it’s an economy. We look at the full spectrum scam assault launched by these confraternities, and how you can make you and your family harder to hit.

When the Harm Comes Home

The most painful stories aren’t usually about a nation-state or criminal network but rather about one particular person hit in a particular way.

We revisit our conversation with Ken Westbrook, a former CIA officer, described how his 83-year-old mother lost most of her life savings to a fake Microsoft popup and a staged phone scam. The criminals knew where she banked, spoofed phone numbers, and coached her to lie to tellers.

This wasn’t an intelligence failure but a privacy failure, and even more importantly a failure of communication caused by successful communications on the part of a criminal.

The End of Anonymity

Finally, there was the Coldplay concert story. A couple appears briefly on a Jumbotron. Within hours, the internet identifies them, connects their names, workplaces, spouses, and home addresses. Facial recognition, social platforms, and public records do the rest.

We revisited this moment because it perfectly captured the compounding effect of surveillance technologies layered on top of one another. Face tracking plus phone tracking plus searchable personal data equals instant re-identification. Privacy didn’t fail at that concert because it was never present to begin with.

Why This Matters

From AI systems trained on personal data to scams powered by identity exposure to viral moments that erase anonymity in seconds, 2025 showed us plainly that privacy is no longer abstract. It’s physical, financial, and deeply personal.

Protecting it isn’t about disappearing from the internet but about making yourself harder to target in a world where data moves fast and consequences move faster. That’s the threatscape we live in now, and understanding it is the first step toward staying safe.