Cybercrime

M&S website still offline after cyberattack

Marks & Spencer’s website remains offline as the retailer continues recovering from a damaging cyberattack that struck over the Easter weekend.

The company confirmed the incident was caused by human error and may cost up to £300 million. Chief executive Stuart Machin warned the disruption could last until July.

Customers visiting the site are currently met with a message stating it is undergoing updates. While some have speculated the downtime is due to routine maintenance, the ongoing issues follow a major breach that saw hackers steal personal data such as names, email addresses and birthdates.

The firm has paused online orders, and store shelves were reportedly left empty in the aftermath.

Despite the disruption, M&S posted a strong financial performance this week, reporting a better-than-expected £875.5 million adjusted pre-tax profit for the year to March—an increase of over 22 per cent. The company has yet to comment further on the website outage.

Experts say the prolonged recovery likely reflects the scale of the damage to M&S’s core infrastructure.

Technology director Robert Cottrill described the company’s cautious approach as essential, noting that rushing to restore systems without full security checks could risk a second compromise. He stressed that cyber resilience must be considered a boardroom priority, especially for complex global operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Crypto assets to be treated as property in Russia

Russia’s Ministry of Justice is working on legislation that would classify crypto assets as property, enabling their confiscation during criminal investigations. The draft bill aims to tighten control over digital currencies increasingly used for illegal activities.

Deputy Justice Minister Vadim Fedorov stated that the new law would allow authorities to seize not only physical wallets but also credentials like seed phrases. Experts will assist in managing the secure handling of digital assets.

Courts may also be given the power to block transactions linked to certain wallets.

The move comes in response to a rise in crypto-related crime, particularly through darknet markets. One such platform, Kraken, has recorded a 68% surge in crypto transactions since the shutdown of Hydra in 2022.

Fedorov highlighted the challenges posed by digital currencies, citing their anonymity and lack of central control as major attractions for criminals.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

West Lothian schools hit by ransomware attack

West Lothian Council has confirmed that personal and sensitive information was stolen following a ransomware cyberattack which struck the region’s education system on Tuesday, 6 May. Police Scotland has launched an investigation, and the matter remains an active criminal case.

Only a small fraction of the data held on the education network was accessed by the attackers. However, some of it included sensitive personal information. Parents and carers across West Lothian’s schools have been notified, and staff have also been advised to take extra precautions.

The cyberattack disrupted IT systems serving 13 secondary schools, 69 primary schools and 61 nurseries. Although the education network remains isolated from the rest of the council’s systems, contingency plans have been effective in minimising disruption, including during the ongoing SQA exams.

West Lothian Council has apologised to anyone potentially affected. It is continuing to work closely with Police Scotland and the Scottish Government. Officials have promised further updates as more information becomes available.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware threat evolves with deceptive PDFs

Ransomware attacks fell by 31% in April 2025 compared to the previous month. Despite the overall decline, the retail sector remained a top target, with incidents at Marks & Spencer, Co-op, Harrods and Peter Green Chilled drawing national attention.

Retail remains vulnerable due to its public profile and potential for large-scale disruption. Experts warn the drop in figures does not reflect a weaker threat, as many attacks go unreported or are deliberately concealed.

Tactics are shifting, with some groups, like Babuk 2.0, faking claims to gain notoriety or extort victims. A rising threat in the ransomware landscape is the use of malicious PDF files, which now make up over a fifth of email-based malware.

These files, increasingly crafted using generative AI, are trusted more by users and harder to detect. Cybersecurity experts are urging firms to update defences and strengthen organisational security cultures to remain resilient.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Experts urge stronger safeguards as jailbroken chatbots leak illegal data

Hacked AI-powered chatbots pose serious security risks by revealing illicit knowledge the models absorbed during training, according to researchers at Ben Gurion University.

Their study highlights how ‘jailbroken’ large language models (LLMs) can be manipulated to produce dangerous instructions, such as how to hack networks, manufacture drugs, or carry out other illegal activities.

The chatbots, including those powered by models from companies like OpenAI, Google, and Anthropic, are trained on vast internet data sets. While attempts are made to exclude harmful material, AI systems may still internalize sensitive information.

Safety controls are meant to block the release of this knowledge, but researchers demonstrated how it could be bypassed using specially crafted prompts.

The researchers developed a ‘universal jailbreak’ capable of compromising multiple leading LLMs. Once bypassed, the chatbots consistently responded to queries that should have triggered safeguards.

They found some AI models openly advertised online as ‘dark LLMs,’ designed without ethical constraints and willing to generate responses that support fraud or cybercrime.

Professor Lior Rokach and Dr Michael Fire, who led the research, said the growing accessibility of this technology lowers the barrier for malicious use. They warned that dangerous knowledge could soon be accessed by anyone with a laptop or phone.

Despite notifying AI providers about the jailbreak method, the researchers say the response was underwhelming. Some companies dismissed the concerns as outside the scope of bug bounty programs, while others did not respond.

The report calls on tech companies to improve their models’ security by screening training data, using advanced firewalls, and developing methods for machine ‘unlearning’ to help remove illicit content. Experts also called for clearer safety standards and independent oversight.

OpenAI said its latest models have improved resilience to jailbreaks, and Microsoft linked to its recent safety initiatives. Other companies have not yet commented.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Coinbase hit by cyber-attack with up to $400m losses

The largest cryptocurrency exchange in the US, Coinbase, revealed that a recent cyber-attack could cost between $180 million and $400 million. The attack compromised data from a small group of customers, including names, addresses, and emails, but login credentials and passwords remained secure.

Coinbase has promised to reimburse customers who were tricked into sending funds to the hackers.

Hackers bribed overseas contractors and employees in support roles to access internal systems. Coinbase immediately terminated those involved and refused to pay the $20 million ransom demand.

Instead, the company has offered a $20 million reward for information leading to the attackers’ capture and is cooperating with law enforcement agencies.

The breach was disclosed just before Coinbase’s planned entry into the S&P 500 index, marking a significant milestone for the crypto sector. Security remains a critical concern in the industry.

Earlier in 2025, the Bybit exchange suffered a $1.5 billion hack, adding to over $2.2 billion lost to crypto platform breaches this year alone.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

SEC sues Unicoin over alleged $100 million fraud

The US SEC has charged Unicoin and three executives for allegedly raising over $100 million through misleading investor claims. The SEC claims Unicoin falsely promised investors its crypto assets were backed by a multibillion-dollar global property portfolio.

Unicoin CEO Alex Konanykhin, board member Silvina Moschini, and former investment head Alex Dominguez are accused of exaggerating the company’s sales and falsely stating its tokens and certificates were SEC-registered.

The SEC said the real estate backing was worth far less than claimed and that most of the company’s sales were ‘illusory.’

The SEC said Unicoin falsely claimed decades of reserves while operating with less than a year of funding. Unicoin allegedly reported over $3 billion in certificate sales, though only $110 million was raised.

General counsel Richard Devlin was also charged but settled for a $37,500 penalty without admitting guilt. Unicoin and the named executives have yet to issue public statements, though Konanykhin previously said the company would fight the case in court.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK research body hit by 5 million cyber attacks

UK Research and Innovation (UKRI), the country’s national funding body for science and research, has reported a staggering 5.4 million cyber attacks this year — a sixfold increase compared to the previous year.

According to data obtained through freedom of information requests, the majority of these threats were phishing attempts, with 236,400 designed to trick employees into revealing sensitive data. A further 11,200 were malware-based attacks, while the rest were identified as spam or malicious emails.

The scale of these incidents highlights the growing threat faced by both public and private sector institutions. Experts believe the rise of AI has enabled cybercriminals to launch more frequent and sophisticated attacks.

Rick Boyce, chief for technology at AND Digital, warned that the emergence of AI has introduced threats ‘at a pace we’ve never seen before’, calling for a move beyond traditional defences to stay ahead of evolving risks.

UKRI, which is sponsored by the Department for Science, Innovation and Technology, manages an annual budget of £8 billion, much of it invested in cutting-edge research.

A budget like this makes it an attractive target for cybercriminals and state-sponsored actors alike, particularly those looking to steal intellectual property or sabotage infrastructure. Security experts suggest the scale and nature of the attacks point to involvement from hostile nation states, with Russia a likely culprit.

Though UKRI cautioned that differing reporting periods may affect the accuracy of year-on-year comparisons, there is little doubt about the severity of the threat.

The UK’s National Cyber Security Centre (NCSC) has previously warned of Russia’s Unit 29155 targeting British government bodies and infrastructure for espionage and disruption.

With other notorious groups such as Fancy Bear and Sandworm also active, the cybersecurity landscape is becoming increasingly fraught.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ascension faces fresh data breach fallout

A major cybersecurity breach has struck Ascension, one of the largest nonprofit healthcare systems in the US, exposing the sensitive information of over 430,000 patients.

The incident began in December 2024, when Ascension discovered that patient data had been compromised through a former business partner’s software flaw.

The indirect breach allowed cybercriminals to siphon off a wide range of personal, medical and financial details — including Social Security numbers, diagnosis codes, hospital admission records and insurance data.

The breach adds to growing concerns over the healthcare industry’s vulnerability to cyberattacks. In 2024 alone, 1,160 healthcare-related data breaches were reported, affecting 305 million records — a sharp rise from the previous year.

Many institutions still treat cybersecurity as an afterthought instead of a core responsibility, despite handling highly valuable and sensitive data.

Ascension itself has been targeted multiple times, including a ransomware attack in May 2024 that disrupted services at dozens of hospitals and affected nearly 5.6 million individuals.

Ascension has since filed notices with regulators and is offering two years of identity monitoring to those impacted. However, critics argue this response is inadequate and reflects a broader pattern of negligence across the sector.

The company has not named the third-party vendor responsible, but experts believe the incident may be tied to a larger ransomware campaign that exploited flaws in widely used file-transfer software.

Rather than treating such incidents as isolated, experts warn that these breaches highlight systemic flaws in healthcare’s digital infrastructure. As criminals grow more sophisticated and vendors remain vulnerable, patients bear the consequences.

Until healthcare providers prioritise cybersecurity instead of cutting corners, breaches like this are likely to become even more common — and more damaging.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

President Milei ends investigation into Libra memecoin

Argentina’s government has disbanded the task force investigating the controversial Libra memecoin scandal, just three months after its creation. The unit, created by President Milei, investigated the memecoin that soared to $4.5 billion before crashing to $14 million.

The decree stated the task force had ‘fulfilled its purpose.’

Local lawmakers sharply criticised the decision, accusing the government of shielding those involved. Opposition figures labelled the task force a ‘front’ and suggested the closure was a move to protect suspects.

Meanwhile, the scandal continues to shake Argentina’s crypto scene.

Judge María Servini ordered banks to release financial records from 2023 for key suspects, including President Milei and his sister Karina. The investigation centres on allegations of bribery and illicit profit, involving several individuals connected to the Libra project.

Milei denies any wrongdoing amid mounting scrutiny.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot