Cybersecurity

M&S Sparks scheme returns after cyber attack

Marks & Spencer has fully reinstated its Sparks loyalty programme following a damaging cyberattack that disrupted operations earlier this year. The retailer confirmed that online services are back and customers can access offers, discounts, and rewards again.

In April, a cyber breach forced M&S to suspend parts of its IT system and halt Sparks communications. Customers had raised concerns about missing benefits, prompting the company to promise a full recovery of its loyalty platform.

M&S has introduced new Sparks perks to thank users for their patience, including enhanced birthday rewards and complimentary coffees. Staff will also receive a temporary discount boost to 30 percent on selected items this weekend.

Marketing director Sharry Cramond praised staff efforts and customer support during the disruption, calling the recovery a team effort. Meanwhile, according to the UK National Crime Agency, four individuals suspected of involvement in cyber attacks against M&S and other retailers have been released on bail.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Singapore probes cyberattacks on critical infrastructure linked to UNC3886

Singapore is addressing cyberattacks on its critical information infrastructure attributed to the state-sponsored cyberespionage group UNC3886. On 18 July, Coordinating Minister for National Security K. Shanmugam identified the group as an advanced persistent threat (APT) actor capable of long-term network infiltration to gather intelligence or disrupt essential services. He noted that UNC3886 is currently targeting high-value strategic assets in Singapore but did not name any state sponsor.

Cybersecurity firm Mandiant, which first reported on UNC3886 in 2022, has characterised it as a ‘China-nexus espionage group‘ that has previously targeted organisations in the defence, technology, and telecommunications sectors across the United States and Asia.

In response, the Chinese embassy in Singapore denied any connection to UNC3886. In a statement published over the weekend, it described the allegations as ‘groundless smears and accusations’ and reiterated that China opposes all forms of cyberattacks under its laws. The embassy stated that China does not encourage, support, or condone hacking activities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

AI governance needs urgent international coordination

A GIS Reports analysis emphasises that as AI systems become pervasive, they create significant global challenges, including surveillance risks, algorithmic bias, cyber vulnerabilities, and environmental pressures.

Unlike legacy regulatory regimes, AI technology blurs the lines among privacy, labour, environmental, security, and human rights domains, demanding a uniquely coordinated governance approach.

The report highlights that leading AI research and infrastructure remain concentrated in advanced economies: over half of general‑purpose AI models originated in the US, exacerbating global inequalities.

Meanwhile, facial recognition or deepfake generators threaten civic trust, amplify disinformation, and even provoke geopolitical incidents if weaponised in defence systems.

The analysis calls for urgent public‑private cooperation and a new regulatory paradigm to address these systemic issues.

Recommendations include forming international expert bodies akin to the IPCC, and creating cohesive governance that bridges labour rights, environmental accountability, and ethical AI frameworks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hidden malware in DNS records bypasses defences

Security researchers at DomainTools have revealed a novel and stealthy cyberattack method: embedding malware within DNS records. Attackers are storing tiny, encoded pieces of malicious code inside TXT records across multiple subdomains.

The fragments are individually benign, but once fetched and reassembled, typically using PowerShell, they form fully operational malware, including Joke Screenmate prankware and a more serious PowerShell stager that can download further payloads.

DNS traffic is often treated as trustworthy and bypasses many security controls. The growing use of encrypted DNS services like DoH and DoT makes visibility even harder, creating an ideal channel for covert malware delivery.

Reported cases include the fragmentation of Joke Screenmate across hundreds of subdomain TXT records and instances of Covenant C2 stagers hidden in this manner.

Security teams are urged to ramp up DNS analytics, monitor uncommon TXT query patterns, and utilize comprehensive threat intelligence feeds. While still rare in the wild, this technique’s simplicity and stealthiness suggest it could gain traction soon

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Co-op confirms massive data breach as retail cyberattacks surge

All 6.5 million members of the Co-op had their personal data compromised in a cyberattack carried out on 30 April, the company’s chief executive has confirmed.

Shirine Khoury-Haq said the breach felt ‘personal’ after seeing the toll it took on IT teams fighting off the intrusion. She spoke in her first interview since the breach, broadcast on BBC Breakfast.

Initial statements from the Co-op described the incident as having only a ‘small impact’ on internal systems, including call centres and back-office operations.

Alleged hackers soon contacted media outlets and claimed to have accessed both employee and customer data, prompting the company to update its assessment.

The Co-op later admitted that data belonging to a ‘significant number’ of current and former members had been stolen. Exposed information included names, addresses, and contact details, though no payment data was compromised.

Restoration efforts are still ongoing as the company works to rebuild affected back-end systems. In some locations, operational disruption led to empty shelves and prolonged outages.

Khoury-Haq recalled meeting employees during the remediation phase and said she was ‘incredibly sorry’ for the incident. ‘I will never forget the looks on their faces,’ she said.

The attackers’ movements were closely tracked. ‘We were able to monitor every mouse click,’ Khoury-Haq added, noting that this helped authorities in their investigation.

The company reportedly disconnected parts of its network in time to prevent ransomware deployment, though not in time to avoid significant damage. Police said four individuals were arrested earlier this month in connection with the Co-op breach and related retail incidents. All have been released on bail.

Marks & Spencer and Harrods were also hit by cyberattacks in early 2025, with M&S still restoring affected systems. Researchers believe the same threat actor is responsible for all three attacks.

The group, identified as Scattered Spider, has previously disrupted other high-profile targets, including major US casinos in 2023.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Surging AI use drives utility upgrades

The rapid rise of AI is placing unprecedented strain on the US power grid, as the electricity demands of massive data centres continue to surge.

Utilities nationwide are struggling to keep up, expanding infrastructure and revising rate structures to accommodate an influx of power-hungry facilities.

Regions like Northern Virginia have become focal points, where dense data centre clusters consume tens of megawatts each and create years-long delays for new connections.

Some next-generation AI systems are expected to require between 1 and 5 gigawatts of constant power, roughly the output of multiple Hoover Dams, posing significant challenges for energy suppliers and regulators alike.

In response, tech firms and utilities are considering a mix of solutions, including on-site natural gas generation, investments in small nuclear reactors, and greater reliance on renewable sources.

At the federal level, streamlined permitting and executive actions are used to fast-track grid and plant development.

‘The scale of AI’s power appetite is unprecedented,’ said Dr Elena Martinez, senior grid strategist at the Centre for Energy Innovation. ‘Utilities must pivot now, combining smart-grid tech, diverse energy sources and regulatory agility to avoid systemic bottlenecks.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

South Korea joins US-led multinational cyber exercise

South Korea’s Cyber Operations Command is participating in a US-led multinational cyber exercise this week, the Ministry of National Defence in Seoul announced on Monday.

Seven personnel from the command are taking part in the five-day Cyber Flag exercise, which began in Virginia, United States. This marks South Korea’s fourth participation in the exercise since first joining in 2022.

Launched in 2011, Cyber Flag is an annual exercise designed to enhance cooperation between the United States and its allies, particularly the Five Eyes intelligence alliance, which includes Australia, Canada, New Zealand, the United Kingdom, and the United States. The exercise provides a platform for partner nations to strengthen their collective ability to detect, respond to, and mitigate cyber threats through practical, scenario-based training.

According to the Ministry, Cyber Flag, together with bilateral exercises between South Korean and US cyber commands and the exchange of personnel and technologies, is expected to further advance cooperation between the two countries in the cyber domain.

The Cyber Flag exercise involves the Five Eyes intelligence alliance—comprising the United States, United Kingdom, Australia, Canada, and New Zealand—alongside other partner countries. The program focuses on enhancing collective capabilities to counter cyber threats through practical training.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Fashion sector targeted again as Louis Vuitton confirms data breach

Louis Vuitton Hong Kong is under investigation after a data breach potentially exposed the personal information of around 419,000 customers, according to the South China Morning Post.

The company informed Hong Kong’s privacy watchdog on 17 July, more than a month after its French office first detected suspicious activity on 13 June. The Office of the Privacy Commissioner has now launched a formal inquiry.

Early findings suggest that compromised data includes names, passport numbers, birth dates, phone numbers, email addresses, physical addresses, purchase histories, and product preferences.

Although no complaints have been filed so far, the regulator is examining whether the reporting delay breached data protection rules and how the unauthorised access occurred. Louis Vuitton stated that it responded quickly with the assistance of external cybersecurity experts and confirmed that no payment details were involved.

The incident adds to a growing list of cyberattacks targeting fashion and retail brands in 2025. In May, fast fashion giant Shein confirmed a breach that affected customer support systems.

[Correction] Contrary to some reports, Puma was not affected by a ransomware attack in 2025. This claim appears to be inaccurate and is not corroborated by any verified public disclosures or statements by the company. Please disregard any previous mentions suggesting otherwise.

Security experts have warned that the sector remains a growing target due to high-value customer data and limited cyber defences. Louis Vuitton said it continues to upgrade its security systems and will notify affected individuals and regulators as the investigation continues.

‘We sincerely regret any concern or inconvenience this situation may cause,’ the company said in a statement.

[Dear readers, a previous version of this article highlighted incorrect information about a cyberattack on Puma. The information has been removed from our website, and we hereby apologise to Puma and our readers.]

How to keep your data safe while using generative AI tools

Generative AI tools have become a regular part of everyday life, both professionally and personally. Despite their usefulness, concern is growing about how they handle private data shared by users.

Major platforms like ChatGPT, Claude, Gemini, and Copilot collect user input to improve their models. Much of this data handling occurs behind the scenes, raising transparency and security concerns.

Anat Baron, a generative AI expert, compares AI models to Pac-Man—constantly consuming data to enhance performance. The more information they receive, the more helpful they become, often at the expense of privacy.

Many users ignore warnings not to share sensitive information. Baron advises against sharing anything with AI that one would not give to a stranger, including ID numbers, financial data, and medical results.

Some platforms offer options to reduce data collection. ChatGPT users can disable training under ‘Data Controls’, while Claude collects data only if users opt in. Perplexity and Gemini offer similar, though less transparent, settings.

Microsoft’s Copilot protects organisational data when logged in, but risks increase when used anonymously on the web. DeepSeek, however, collects user data automatically with no opt-out—making it a risky choice.

Users still retain control, but must remain alert. AI tools are evolving, and with digital agents on the horizon, safeguarding personal information is becoming even more critical. Baron sums it up simply: ‘Privacy always comes at a cost. We must decide how much we’re willing to trade for convenience.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta CEO unveils plan to spend hundreds of billions on AI data centres

Mark Zuckerberg has pledged to invest hundreds of billions of dollars to build a network of massive data centres focused on superintelligent AI. The initiative forms part of Meta’s wider push to lead the race in developing machines capable of outperforming humans in complex tasks.

The first of these centres, called Prometheus, is set to launch in 2026. Another facility, Hyperion, is expected to scale up to 5 gigawatts. Zuckerberg said the company is building several more AI ‘titan clusters’, each one covering an area comparable to a significant part of Manhattan.

He also cited Meta’s strong advertising revenue as the reason it can afford such bold spending despite investor concerns.

Meta recently regrouped its AI projects under a new division, Superintelligence Labs, following internal setbacks and high-profile staff departures.

The company hopes the division will generate fresh revenue streams through Meta AI tools, video ad generators, and wearable smart devices. It is reportedly considering dropping its most powerful open-source model, Behemoth, in favour of a closed alternative.

The firm has increased its 2025 capital expenditure to up to $72 billion and is actively hiring top talent, including former Scale AI CEO Alexandr Wang and ex-GitHub chief Nat Friedman.

Analysts say Meta’s AI investments are paying off in advertising but warn that the real return on long-term AI dominance will take time to emerge.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!