This is a heartbreaking story out of Florida. Megan Garcia thought her 14-year-old son was spending all his time playing video games. She had no idea he was having abusive, in-depth and sexual conversations with a chatbot powered by the app Character AI.

Sewell Setzer III stopped sleeping and his grades tanked. He ultimately committed suicide. Just seconds before his death, Megan says in a lawsuit, the bot told him, “Please come home to me as soon as possible, my love.” The boy asked, “What if I told you I could come home right now?” His Character AI bot answered, “Please do, my sweet king.”

DON’T SCAM YOURSELF WITH THE TRICKS HACKERS DON’T WANT ME TO SHARE

🎁 I’m giving away a $500 Amazon gift card. Enter here, no purchase necessary.

You have to be smart

AI bots are owned by tech companies known for exploiting our trusting human nature, and they’re designed using algorithms that drive their profits. There are no guardrails or laws governing what they can and cannot do with the information they gather.

When you’re using a chatbot, it’s going to know a lot about you when you fire up the app or site. From your IP address, it gathers information about where you live, plus it tracks things you’ve searched for online and accesses any other permissions you’ve granted when you signed the chatbot’s terms and conditions.

The best way to protect yourself is to be careful about what info you offer up.

Be careful: ChatGPT likes it when you get personal

THIS CRIME SHOT UP 400% — HOW TO PROTECT YOURSELF

10 things not to say to AI

1. Passwords or login credentials: A major privacy mistake. If someone gets access, they can take over your accounts in seconds.
2. Your name, address or phone number: Chatbots aren’t designed to handle personally identifiable info. Once shared, you can’t control where it ends up or who sees it. Plug in a fake name if you want!
3. Sensitive financial information: Never include bank account numbers, credit card details or other money matters in docs or text you upload. AI tools aren’t secure vaults — treat them like a crowded room.
4. Medical or health data: AI isn’t HIPAA-compliant, so redact your name and other identifying info if you ask AI for health advice. Your privacy is worth more than quick answers.
5. Asking for illegal advice: That’s against every bot’s terms of service. You’ll probably get flagged. Plus, you might end up with more trouble than you bargained for.
6. Hate speech or harmful content: This, too, can get you banned. No chatbot is a free pass to spread negativity or harm others.
7. Confidential work or business info: Proprietary data, client details and trade secrets are all no-nos.
8. Security question answers: Sharing them is like opening the front door to all your accounts at once.
9. Explicit content: Keep it PG. Most chatbots filter this stuff, so anything inappropriate could get you banned, too.
10. Other people’s personal info: Uploading this isn’t only a breach of trust; it’s a breach of data protection laws, too. Sharing private info without permission could land you in legal hot water.

A person is seen using ChatGPT. (Frank Rumpenhorst/picture alliance via Getty Images)

Still relying on Google? Never search for these terms

Reclaim a (tiny) bit of privacy

Most chatbots require you to create an account. If you make one, don’t use login options like “Login with Google” or “Connect with Facebook.” Use your email address instead to create a truly unique login.

TECH TIP: SAVE YOUR MEMORIES BEFORE IT’S TOO LATE

FYI, with a free ChatGPT or Perplexity account, you can turn off memory features in the app settings that remember everything you type in. For Google Gemini, you need a paid account to do this. 

Best AI tools for search, productivity, fun and work

Google is pictured here.  (AP Photo/Don Ryan)

No matter what, follow this rule

Don’t tell a chatbot anything you wouldn’t want made public. Trust me, I know it’s hard.

Even I find myself talking to ChatGPT like it’s a person. I say things like, “You can do better with that answer” or “Thanks for the help!” It’s easy to think your bot is a trusted ally, but it’s definitely not. It’s a data-collecting tool like any other.

Get tech-smarter on your schedule

Award-winning host Kim Komando is your secret weapon for navigating tech.

Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.

Thousands of delivery drivers who work for Amazon third-party contractors are now on strike, The New York Times reports. The workers are striking after “Amazon’s repeated refusal to follow the law and bargain with the thousands of Amazon workers who organized with the Teamsters,” according to a Teamsters press release.

Workers are picketing at Amazon warehouses from Atlanta, New York City, San Francisco, Southern California, and Skokie, Ill., with other Amazon Teamsters “prepared to join them,” the Teamsters say. “Teamsters local unions are also putting up primary picket lines at hundreds of Amazon Fulfillment Centers nationwide.”

The National Labor Relations Board issued a complaint against Amazon earlier this year, saying that Amazon and one of its third-party contractors are joint employers of delivery drivers and that it has “a legal duty to recognize and bargain with the Teamsters Union,” per another Teamsters press release.

For more than a year now, the Teamsters have continued to intentionally mislead the public – claiming that they represent ‘thousands of Amazon employees and drivers’. They don’t, and this is another attempt to push a false narrative. The truth is that the Teamsters have actively threatened, intimidated, and attempted to coerce Amazon employees and third-party drivers to join them, which is illegal and is the subject of multiple pending unfair labor practice charges against the union.

Update, December 19th: Added that Amazon sent us a statement.

SRP Federal Credit Union, a South Carolina-based financial institution, had a major data breach impacting more than 240,000 people. 

The credit union handles highly sensitive information of hundreds of thousands of Americans, which is now in the hands of cybercriminals. 

SRP revealed in a notice that the data breach was part of a two-month attack by hackers, raising concerns about how it took the company so long to detect unauthorized entry into its systems. I discuss the details of the data breach, its impact on people and what you need to do to stay safe.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know

SRP Federal Credit Union has reported a data breach that exposed the personal information of more than 240,000 individuals, according to documents filed Friday with regulators in Maine and Texas. 

The company said it discovered suspicious activity on its network and notified law enforcement. An investigation determined that hackers accessed the credit union’s systems between Sept. 5 and Nov. 4, potentially acquiring sensitive files. The investigation concluded on Nov. 22, the company said.

SRP did not specify the exact details exposed in its notice to Maine regulators, saying only that names and government-issued identification were affected in the cyberattack. 

However, in a filing with Texas regulators, the company said names, Social Security numbers, driver’s license numbers, dates of birth and financial information, including account numbers and credit or debit card numbers, were compromised. SRP said the breach did not affect its online banking or core processing systems.

Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

Who’s responsible for the breach

SRP has not disclosed who was behind the attack or the attackers’ motives. However, the ransomware group Nitrogen claimed responsibility last week, alleging it had stolen 650 GB of customer data, according to The Record. Ransomware attacks use malicious software to block access to a victim’s files, systems or networks and demand payment to restore access.

The credit union could face legal challenges following the data breach, as Oklahoma City-based Murphy Law Firm is investigating claims on behalf of individuals whose personal information was exposed. The firm is also encouraging affected individuals to join a potential class-action lawsuit.

SRP will provide impacted individuals with free-of-charge identity theft protection services, so take advantage of it to safeguard your information.

We reached out to SRP for comment but did not hear back by our deadline.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

A person working on their laptop (Kurt “CyberGuy” Knutsson)

MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS

7 ways you can protect yourself from SRP data breach

If you have received a notice from SRP Federal Credit Union about the data breach, consider taking the following steps to protect yourself.

1. Monitor your accounts: Regularly check your bank accounts, credit card statements and other financial accounts for any unauthorized transactions or suspicious activity. Contact one of the three major credit bureaus (Equifax, Experian or TransUnion) to place a fraud alert on your credit report, making it harder for identity thieves to open accounts in your name.

2. Freeze your credit: Consider freezing your credit to prevent new accounts from being opened without your consent. This service is free and can be lifted at any time.

3. Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind. See my tips and best picks on how to protect yourself from identity theft.

4. Change your passwords: Update passwords for your online accounts, especially those related to banking and email. Use strong, unique passwords and consider using a password manager to generate and store complex passwords. Also, enable two-factor authentication for added security.

5. Beware of phishing scams: Be cautious of emails, texts or calls claiming to be from SRP or related organizations. Avoid clicking on links or providing personal information unless you verify the sender.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Keep your device’s operating system updated: Make sure your cellphone and other devices automatically receive timely operating system updates. These updates often include important security patches that protect against new vulnerabilities exploited by hackers. For reference, see my guide on how to keep all your devices updated.

7. Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach. Check out my top picks for data removal services here.

WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI

Kurt’s key takeaway

The SRP Federal Credit Union data breach is a harsh reminder of how vulnerable our sensitive information can be. Over 240,000 individuals had their personal data compromised, including Social Security numbers, driver’s licenses and financial details. Even more alarming is the two-month window hackers had to exploit the credit union’s systems before being detected. This highlights significant gaps in cybersecurity protocols. If you’re an SRP customer, monitor your accounts closely, enable fraud alerts and consider identity theft protection services to stay ahead of potential threats.

Do you think financial institutions should be held more accountable for data breaches like this one? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.