Tech Blunders 2025: What we can learn from this year’s mistakes

2025 contained its fair share of tech blunders, from outages to breaches and a cosmic number of AI blunders. In an attempt to salvage something good from these mistakes, let’s look back on some of 2025’s biggest tech fails and see what they can teach us about the current state of tech development.

Why Look Back on Blunders

The tech industry moves fast, and that means things break. But sometimes when things break, it can cause wide-reaching impacts for all of us. Looking back on mistakes isn’t about naming and blaming, but instead about acknowledging what happened and learning from the mistakes. The last thing we want is to repeat what we know how to fix and cause long-term harm.

“Never let a good crisis go to waste.”
– Winston Churchill

With that said, let’s take a look at what went wrong this year, and how we can all learn from some of the tech blunders of 2025 to improve the quality, reliability and standards of the tech space.

What we can Learn from 2025’s Tech Blunders

1. Major Cloud Service Outages

Sometimes the internet goes out. Sometimes it's because somebody cut your internet cable, but most of the time it's not your fault.
We all rely on the internet far more than we realise, so when large parts of it experience an outage, panic ensues.

What’s surely on the top of most people’s minds as we close out 2025 were those times when the internet stopped ... well ... internet-ing. In the space of about a month, Google, Microsoft, AWS and Cloudflare all experienced global outages. Both the AWS and Cloudflare outages took out large parts of the internet as services which relied on them went down.

The best part: all these outages were avoidable, and were ultimately caused by a bug that made it into production. Software bugs are a normal part of development, but critical infrastructure needs extra care. There’s the hope that these are caught far before they make it into production. We just hope it was happenstance that they all occurred with a high frequency.

The lesson here is the need for strict software quality checks, especially for mission-critical code. It’s one thing for your side-project to go down, but another entirely when you’re a dependency for so many websites. Software like this needs rigorous testing to catch bugs before production, strict programming guidelines to reduce the amount of potentially problematic code, and when things do go wrong, the ability to instantly roll back or recover from issues. This is why, at FONSEKA, we take maintenance seriously and incorporate it into the core of what we do.

2. QANTAS Database Breach

Malicious actors can sound legitimate over the phone.
There are many social engineering attacks today, but simply calling somebody and pretending to be somebody else is still effective.

In July, a malicious group gained access to various databases and compromised the data of companies like Toyota, Adidas and Disney. Most affected Australians may know this as the QANTAS Data Breach. QANTAS said the attackers tricked a QANTAS call centre into granting them access to a production database.

This was a classic example of a social engineering attack, a type of attack that is becoming more and more frequent as security standards heighten. Instead of targeting a weakness in core infrastructure, an attacker who can trick somebody into giving them access effectively bypasses all those security measures.

What we learnt here — and what feels like a lesson we face year after year — is that no matter how secure our infrastructure is, people are still a vulnerability that needs to be mitigated. Judging by the growing prevalence of social engineering attacks, we might continue to experience these tech blunders beyond 2025. We’re only human and we will get things wrong. There need to be strict checks and guards in place to stop things like this occurring.

3. Superannuation Account Breaches

A fishing hook, a metaphor for phishing and other social engineering attacks.
There are many attacks that attempt to exploit human nature, from phishing to credential stuffing or other social engineering attacks (Photo by Kaptured by Kasia on Unsplash)

Early this year, it was discovered that various members’ Superannuation funds had been accessed, with some finding their retirement savings to have vanished. While this affected very few people, it had disastrous impacts for those it did. These breaches weren’t specific to any one Superannuation provider — in fact it was spread across many.

None of the providers had their systems compromised; instead, it was a credential stuffing breach. These attacks exploit the fact that many people re-use passwords across various accounts by attempting to use leaked username/password combinations on other sites. In this case, the target was Superannuation.

The best lesson from this breach is twofold: use a unique password for all your accounts, and always set up multi-factor authentication. Making your online accounts secure doesn’t have to be hard if you know what to look for. On their own, either of these two methods would have likely stopped customers’ accounts being compromised, but together they form a solid barrier against these types of attacks.
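
On the provider side, the credential stuffing pattern described above leaves a recognisable trace in login logs: one source trying many different accounts, each only once or twice, and mostly failing. The following is an added example, not part of the original post or any Superannuation provider's code; the log format, sample lines and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log, one attempt per line: timestamp source_ip username result
SAMPLE_LOG = """\
2025-04-01T02:00:01Z 203.0.113.7 alice FAIL
2025-04-01T02:00:02Z 203.0.113.7 bob FAIL
2025-04-01T02:00:03Z 203.0.113.7 carol FAIL
2025-04-01T02:00:04Z 203.0.113.7 dave OK
2025-04-01T02:00:05Z 203.0.113.7 erin FAIL
2025-04-01T02:00:06Z 203.0.113.7 frank FAIL
2025-04-01T09:10:00Z 198.51.100.20 grace FAIL
2025-04-01T09:10:20Z 198.51.100.20 grace FAIL
2025-04-01T09:10:45Z 198.51.100.20 grace OK
2025-04-01T09:30:00Z 192.0.2.10 heidi OK
2025-04-01T09:31:00Z 192.0.2.10 ivan OK
"""

def detect_stuffing(log_text, min_users=5, max_tries_per_user=2, min_fail_ratio=0.8):
    """Flag source IPs that try many accounts a few times each and mostly fail.

    Thresholds are illustrative assumptions, not tuned values.
    """
    per_ip = defaultdict(lambda: defaultdict(list))  # ip -> user -> [success flags]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _ts, ip, user, result = parts
        per_ip[ip][user].append(result == "OK")

    findings = {}
    for ip, users in per_ip.items():
        attempts = [ok for flags in users.values() for ok in flags]
        fail_ratio = attempts.count(False) / len(attempts)
        most_tries = max(len(flags) for flags in users.values())
        if (len(users) >= min_users and most_tries <= max_tries_per_user
                and fail_ratio >= min_fail_ratio):
            findings[ip] = {
                "users_tried": len(users),
                "fail_ratio": round(fail_ratio, 2),
                # A success inside a stuffing run means a reused password worked.
                "accounts_to_reset": sorted(u for u, f in users.items() if any(f)),
            }
    return findings

if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The repeated failures for a single account (`grace`) and the ordinary successful logins are deliberately not flagged; only the wide, shallow run is. Grouping by source IP is the simplest key and will miss runs spread across many addresses.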

4. Optus 000 Outages

Ambulance helicopters can get to the scene fast, but only if they know about it.
The emergency services are dedicated to saving lives. Their effectiveness is stifled when critical infrastructure goes down (Photo by Iliya Jokic on Unsplash)

In September, during a ‘regular network upgrade’, some customers found they could not make 000 calls. Sadly, three of their customers only discovered this after attempting to call for assistance. Services like Triple-Zero are crucial for the safety of all Australians, so any downtime is unacceptable. Due to its severity, this might be what most people think of when you say “tech blunders of 2025”.

The cause? Optus traced it back to procedure not being correctly followed when performing an upgrade. So rather than a bug, glitch or instability, human error caused this outage.

This outage teaches us that protocols are there for a reason. Sticking to them should be a priority, especially when you’re dealing with infrastructure that could save somebody’s life. There are many ways to ensure processes are followed correctly, and the hope is that all telecommunications companies (and everybody else with mission-critical infrastructure) learn from this mistake.

5. All the AI Fails

AI blunders feel like they happen on a regular basis
AI appears to be in the habit of failing at the moment. Only time will tell if this can be overcome.

For the amount of AI hype there is around, especially from the likes of OpenAI, it sure does experience a lot of fails. From Deloitte’s $440,000 error-ridden report to the federal government to lawyers mistakenly trusting AI to write lawsuits and finally to the classic chatbot-gone-rogue, there have been a lot of AI failures this year. And that’s not even mentioning the growing problem of AI slop and fake AI videos.

With AI being shoved deeper into everything in this world, this doesn’t seem to be going away anytime soon. Coupled with its inherent lack of credibility due to AI hallucinations, it can be tough to find the balance between utility and danger. It’s clear that these traits are much deeper than a software update can fix, so instead we need to change our AI use.

The biggest lesson is that Gen AI is a tool, not a replacement for thought. You simply cannot go along with whatever it says and hope for the best. Instead, use AI as a tool, and like with any tool, you first need to understand its strengths and weaknesses before using it. There are inherent problems with AI, but equally it can help your workflow; it’s all about how you use it. With regulators starting to choose not to regulate AI, it falls on us to use it responsibly.

Overall Lessons

It’s clear we have a lot of learning to do. Tech blunders won’t stop at 2025, so we need to be on the lookout for what we can learn, and what the future of mistakes might hold. The biggest losers will be those who refuse to learn.

If you’re looking for a long-term software partner who takes security seriously, talk with FONSEKA today. We constantly look around the industry to see what we can do to keep your business’ software safe. Get in touch at https://fonseka.com.au/contact!

Post Details

Author: Lachlan Rehder

Updated: 19 Dec 2025