Consumer protection

M&S Sparks scheme returns after cyber attack

Marks & Spencer has fully reinstated its Sparks loyalty programme following a damaging cyberattack that disrupted operations earlier this year. The retailer confirmed that online services are back and customers can access offers, discounts, and rewards again.

In April, a cyber breach forced M&S to suspend parts of its IT system and halt Sparks communications. Customers had raised concerns about missing benefits, prompting the company to promise a full recovery of its loyalty platform.

M&S has introduced new Sparks perks to thank users for their patience, including enhanced birthday rewards and complimentary coffees. Staff will also receive a temporary discount boost to 30 percent on selected items this weekend.

Marketing director Sharry Cramond praised staff efforts and customer support during the disruption, calling the recovery a team effort. Meanwhile, according to the UK National Crime Agency, four individuals suspected of involvement in cyber attacks against M&S and other retailers have been released on bail.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Dutch publishers support ethical training of AI model

Dutch news publishers have partnered with research institute TNO to develop GPT-NL, a homegrown AI language model trained on legally obtained Dutch data.

The project marks the first time globally that private media outlets actively contribute content to shape a national AI system.

Over 30 national and regional publishers from NDP Nieuwsmedia and news agency ANP are sharing archived articles to double the volume of high-quality training material. The initiative aims to establish ethical standards in AI by ensuring copyright is respected and contributors are compensated.

GPT-NL is designed to support tasks such as summarisation and information extraction, and follows European legal frameworks like the AI Act. Strict safeguards will prevent content from being extracted or reused without authorisation when the model is released.

The model has access to over 20 billion Dutch-language tokens, offering a diverse and robust foundation for its training. It is a non-profit collaboration between TNO, NFI, and SURF, intended as a responsible alternative to large international AI systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Co-op confirms massive data breach as retail cyberattacks surge

All 6.5 million members of the Co-op had their personal data compromised in a cyberattack carried out on 30 April, the company’s chief executive has confirmed.

Shirine Khoury-Haq said the breach felt ‘personal’ after seeing the toll it took on IT teams fighting off the intrusion. She spoke in her first interview since the breach, broadcast on BBC Breakfast.

Initial statements from the Co-op described the incident as having only a ‘small impact’ on internal systems, including call centres and back-office operations.

Alleged hackers soon contacted media outlets and claimed to have accessed both employee and customer data, prompting the company to update its assessment.

The Co-op later admitted that data belonging to a ‘significant number’ of current and former members had been stolen. Exposed information included names, addresses, and contact details, though no payment data was compromised.

Restoration efforts are still ongoing as the company works to rebuild affected back-end systems. In some locations, operational disruption led to empty shelves and prolonged outages.

Khoury-Haq recalled meeting employees during the remediation phase and said she was ‘incredibly sorry’ for the incident. ‘I will never forget the looks on their faces,’ she said.

The attackers’ movements were closely tracked. ‘We were able to monitor every mouse click,’ Khoury-Haq added, noting that this helped authorities in their investigation.

The company reportedly disconnected parts of its network in time to prevent ransomware deployment, though not in time to avoid significant damage. Police said four individuals were arrested earlier this month in connection with the Co-op breach and related retail incidents. All have been released on bail.

Marks & Spencer and Harrods were also hit by cyberattacks in early 2025, with M&S still restoring affected systems. Researchers believe the same threat actor is responsible for all three attacks.

The group, identified as Scattered Spider, has previously disrupted other high-profile targets, including major US casinos in 2023.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fashion sector targeted again as Louis Vuitton confirms data breach

Louis Vuitton Hong Kong is under investigation after a data breach potentially exposed the personal information of around 419,000 customers, according to the South China Morning Post.

The company informed Hong Kong’s privacy watchdog on 17 July, more than a month after its French office first detected suspicious activity on 13 June. The Office of the Privacy Commissioner has now launched a formal inquiry.

Early findings suggest that compromised data includes names, passport numbers, birth dates, phone numbers, email addresses, physical addresses, purchase histories, and product preferences.

Although no complaints have been filed so far, the regulator is examining whether the reporting delay breached data protection rules and how the unauthorised access occurred. Louis Vuitton stated that it responded quickly with the assistance of external cybersecurity experts and confirmed that no payment details were involved.

The incident adds to a growing list of cyberattacks targeting fashion and retail brands in 2025. In May, fast fashion giant Shein confirmed a breach that affected customer support systems.

[Correction] Contrary to some reports, Puma was not affected by a ransomware attack in 2025. This claim appears to be inaccurate and is not corroborated by any verified public disclosures or statements by the company. Please disregard any previous mentions suggesting otherwise.

Security experts have warned that the sector remains a growing target due to high-value customer data and limited cyber defences. Louis Vuitton said it continues to upgrade its security systems and will notify affected individuals and regulators as the investigation continues.

‘We sincerely regret any concern or inconvenience this situation may cause,’ the company said in a statement.

[Dear readers, a previous version of this article highlighted incorrect information about a cyberattack on Puma. The information has been removed from our website, and we hereby apologise to Puma and our readers.]

How to keep your data safe while using generative AI tools

Generative AI tools have become a regular part of everyday life, both professionally and personally. Despite their usefulness, concern is growing about how they handle private data shared by users.

Major platforms like ChatGPT, Claude, Gemini, and Copilot collect user input to improve their models. Much of this data handling occurs behind the scenes, raising transparency and security concerns.

Anat Baron, a generative AI expert, compares AI models to Pac-Man—constantly consuming data to enhance performance. The more information they receive, the more helpful they become, often at the expense of privacy.

Many users ignore warnings not to share sensitive information. Baron advises against sharing anything with AI that one would not give to a stranger, including ID numbers, financial data, and medical results.

Some platforms offer options to reduce data collection. ChatGPT users can disable training under ‘Data Controls’, while Claude collects data only if users opt in. Perplexity and Gemini offer similar, though less transparent, settings.

Microsoft’s Copilot protects organisational data when logged in, but risks increase when used anonymously on the web. DeepSeek, however, collects user data automatically with no opt-out—making it a risky choice.

Users still retain control, but must remain alert. AI tools are evolving, and with digital agents on the horizon, safeguarding personal information is becoming even more critical. Baron sums it up simply: ‘Privacy always comes at a cost. We must decide how much we’re willing to trade for convenience.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OCC urged to delay crypto bank approvals

Major US banking and credit union associations are pressuring regulators to delay granting federal bank licences to crypto firms. These include companies such as Circle, Ripple, and Fidelity Digital Assets.

In a joint letter, the American Bankers Association and others called on the Office of the Comptroller of the Currency (OCC) to halt decisions on these applications, raising what they described as serious legal and procedural issues.

The groups argue that the crypto firms’ business models do not align with the fiduciary activities typically required for national trust banks. They warned that granting such charters without clear oversight could mark a major policy shift and potentially weaken the foundations of the financial system.

The banks also claim the publicly available details of the applications are insufficient for public scrutiny. Some in the crypto sector see this as a sign of resistance from traditional banks fearing competition.

Recent legislative developments, particularly the GENIUS Act’s stablecoin framework, are encouraging more crypto firms to seek national bank charters.

Legal experts say such charters offer broader operational freedom than the new stablecoin licence, making them an increasingly attractive option for firms aiming to operate across all US states.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK considers Bitcoin sale to plug budget gap

Chancellor Rachel Reeves is reportedly considering the sale of over £5 billion in seized Bitcoin to help reduce the UK’s growing fiscal deficit. The Treasury is under pressure to find alternative revenue sources amid soaring borrowing costs, high inflation, and sluggish growth.

The Bitcoin in question was mostly confiscated in 2018 during a crackdown on a Chinese Ponzi scheme. Since then, its value has risen dramatically, with initial holdings worth around £300 million now estimated at more than £5 billion.

The assets were linked to convicted money launderers, including Jian Wen, and are currently held by UK law enforcement.

While the sale could help avoid tax increases or spending cuts, critics warn of repeating past mistakes. Comparisons have already been drawn to Gordon Brown’s heavily criticised gold sales in the early 2000s, which resulted in billions in missed profits.

There are also unresolved legal concerns about returning funds to victims of the fraud.

Some observers argue the UK should consider holding the Bitcoin as a strategic reserve, in line with countries like El Salvador. Analysts note that the US also sold off seized Bitcoin from 2014 to 2021, missing out on a potential $21 billion gain.

If the UK follows through with the sale, many believe it could prove to be one of the most short-sighted fiscal moves in recent history.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

DuckDuckGo adds new tool to block AI-generated images from search results

Privacy-focused search engine DuckDuckGo has launched a new feature that allows users to filter out AI-generated images from search results.

Although the company admits the tool is not perfect and may miss some content, it claims it will significantly reduce the number of synthetic images users encounter.

The new filter uses open-source blocklists, including a more aggressive ‘nuclear’ option, sourced from tools like uBlock Origin and uBlacklist.

Users can access the setting via the Images tab after performing a search or use a dedicated link — noai.duckduckgo.com — which keeps the filter always on and also disables AI summaries and the browser’s chatbot.

The update responds to growing frustration among internet users. Platforms like X and Reddit have seen complaints about AI content flooding search results.

In one example, users searching for ‘baby peacock’ reported seeing just as many or more AI images than real ones, making it harder to distinguish between fake and authentic content.

DuckDuckGo isn’t alone in trying to tackle unwanted AI material. In 2024, Hiya launched a Chrome extension aimed at spotting deepfake audio across major platforms.

Microsoft’s Bing has also partnered with groups like StopNCII to remove explicit synthetic media from its results, showing that the fight against AI content saturation is becoming a broader industry trend.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

GENIUS Act signed as stablecoin regulation divides opinion

President Donald Trump has officially signed the GENIUS Act into law, marking a historic step in establishing a legal framework for stablecoins in the US. The act, passed with bipartisan support on 18 July, introduces the first rules for the $250 billion stablecoin market.

While Trump hailed the bill’s passage as a major achievement, backlash has emerged from both politicians and crypto insiders. Republican Representative Marjorie Taylor Greene condemned the bill, arguing it could secretly enable the rollout of a central bank digital currency (CBDC).

She warned that stablecoins under state control may function like a surveillance tool and criticised the absence of a clause banning CBDCs from the legislation.

Outside Capitol Hill, concerns were echoed by prominent Bitcoin advocate Justin Bechler, who likened the act to a covert power grab by central authorities. He claimed that fully compliant, state-enforced stablecoins effectively amount to CBDCs in practice.

Jean Rausis of SmarDex also described the bill as a ‘CBDC trojan horse’.

However, some believe the criticism is misplaced. Journalist Eleanor Terrett noted that the GENIUS Act includes language that prohibits the Federal Reserve from launching a retail CBDC.

Senator Tim Scott supported this view, stating the act does not expand the Fed’s powers in any direction resembling a digital currency for the public.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Mastercard expands crypto partnerships after stablecoin law

The passage of the GENIUS Act in July has brought renewed focus on the relationship between digital asset firms and traditional financial institutions. Mastercard signalled readiness for a new era in digital assets, highlighting efforts to integrate stablecoins with conventional payment systems.

Mastercard’s collaboration with blockchain firms such as Ripple, Consensys, and Fireblocks was highlighted in a presentation shared by crypto researcher SMQKE.

The slide underscored Mastercard’s involvement in central bank digital currency (CBDC) initiatives alongside Visa and other partners, reflecting a commitment to making digital currencies as easy to use as cash.

Ripple’s presence in Mastercard’s network indicates its rising importance in regulated, institutional-grade solutions. Known for its work on real-time cross-border settlements, Ripple is well placed to benefit from the clearer regulatory landscape established by the GENIUS Act.

The legislative certainty encourages more traditional finance players and crypto firms to form lasting partnerships and expand compliant stablecoin applications.

The new law defines who can issue stablecoins and under what conditions, providing financial institutions with confidence to explore innovative payment models.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot