Marks & Spencer has temporarily suspended some of its popular meal deal offers as the retailer continues to grapple with the fallout from a serious cyber attack.
Signs in stores, including at major transport hubs such as Victoria Station, explain that availability issues have made it impossible to fulfil certain promotions, and ask customers for patience while the company works through the disruption.
Instead of offering its usual lunchtime combinations and dine-in meal deals priced between £6 and £15, M&S is facing stock shortfalls due to the hack, which is now in its third week.
The attack is reportedly linked to a group of teenage hackers using ransomware tactics, locking computer systems and demanding payment for their release.
The breach has already caused significant operational challenges, with fears internally that the disruption could drag on for weeks. Sources suggest the financial impact could run into tens of millions in lost orders, as systems remain frozen and supply chains struggle to recover.
Meal deal suspensions are the latest sign of the broader strain the retailer is under as it scrambles to restore normal service.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Elon Musk’s social media platform, X, experienced evident disruptions on Monday, 10 March 2025, affecting tens of thousands of users worldwide. The outages began around 6 a.m. Eastern Time, peaking at approximately 10 a.m. with over 41,000 reported issues, according to Downdetector. Users reported difficulties accessing the platform on mobile devices and computers worldwide, with services gradually returning to normal later in the day.
Elon Musk attributed these disruptions to a ‘massive cyberattack’, suggesting that a large, coordinated group or possibly a nation-state was involved. He said, ‘We get attacked every day, but this was done with many resources. Either a large, coordinated group and/or a country is involved.’ However, cybersecurity experts have expressed scepticism regarding Musk’s claims. They note that Distributed Denial of Service (DDoS) attacks, which overwhelm servers with excessive traffic, can be executed by relatively small groups or even individuals without the backing of a nation-state.
Musk further elaborated in an interview with Fox Business’ Larry Kudlow, asserting that the attack originated from IP addresses in the ‘Ukraine area’. This claim has raised eyebrows among cybersecurity professionals, as attributing cyberattacks based solely on IP addresses is notoriously unreliable. Attackers often use proxy servers and botnets across various countries to mask their true location, making definitive attribution challenging.
Either way, the timing of this cyberattack coincides with a tumultuous period for Musk’s business ventures, notably Tesla. Shares of Tesla have plummeted 15.4% to $222.15, their lowest since October. This decline is attributed to waning investor confidence due to the company’s declining global sales. Namely, Tesla experienced its first annual global sales decline last year, with significant drops in key markets such as California, Europe, and China. Analysts foresee a further 5% drop in US deliveries for 2025.
Compounding these financial challenges is Musk’s public alliance with President Donald Trump. Musk has been a prominent supporter of the Trump administration, contributing $277 million to Trump’s campaign and allied Republicans, making him the largest individual political donor in the 2024 election. This alliance has sparked a backlash from Tesla’s predominantly environmentally conscious customer base, leading to protests at Tesla showrooms and acts of vandalism against vehicles.
Furthermore, Musk has been appointed by President Trump to lead the newly established Department of Government Efficiency (DOGE), aiming to streamline federal operations and reduce unnecessary expenditures. Musk’s unconventional approach to this role, including setting up a gaming PC in the Secretary of War Suite at the Eisenhower Executive Office Building, has drawn both attention and criticism. His methods have been described as radical, openly dismissing traditional roles and respect for federal employees and their work.
Conclusions:
First, the convergence of these events—the cyberattack on X, Tesla’s market challenges, and Musk’s deepening political engagements—paints a complex picture of the current landscape surrounding Musk’s enterprises. The cyberattack raises questions about X’s security infrastructure and the potential motives behind such an attack. If a nation-state were indeed involved, it could signify a targeted effort to disrupt a platform influential in global communications.
Secondly, Tesla’s declining stock value means broader concerns about the company’s future performance amid increasing competition in the electric vehicle market. Companies like China’s BYD are emerging as formidable competitors, challenging Tesla’s market share. Musk’s political affiliations may also alienate a segment of Tesla’s customer base, further impacting sales.
Lastly, Musk’s alliance with President Trump positions him at a crucial intersection of business and politics. While this relationship significantly influences policies that could benefit his ventures, it also subjects him to heightened scrutiny and potential backlash. Public perception of Musk is becoming increasingly polarised, which could have additional and lasting implications for his businesses.
For more information on cybersecurity, digital policies, AI governance and other related topics, visit diplomacy.edu.
Musk suggested the attack was backed by significant resources, possibly indicating involvement by a large group or nation-state.
In other news:
Tusk warns against arrogance after US-Poland social media clash
In a recent post on X, Poland’s Prime Minister, Donald Tusk, has urged allies to show respect and avoid arrogance, following a heated social media exchange between Polish and US officials.
Trump’s viral ‘Everything is computer’ sparks new meme coin frenzy
A new meme coin, Everything is Computer (EIC), has taken the crypto market by storm after a viral comment from US President Donald Trump.
Switzerland will require operators of critical infrastructure to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours from 1 April 2025, with fines for non-compliance taking effect…
The tax aims to target the profits of major tech companies to support local tech development, though its timing has sparked internal government debate.
The lawsuit claims Meta violated intellectual property rights by using the authors’ works without permission and removing copyright information to cover up the infringement.
The ECB is also addressing privacy concerns and exploring blockchain technologies amid competitive pressure from global digital currencies like China’s digital yuan and US stablecoins.
The situation has attracted potential buyers, including former Los Angeles Dodgers owner Frank McCourt, with analysts estimating TikTok’s value at up to $50 billion.
Developed using 120 Nvidia H100 GPUs in four weeks, the model is based on Meta’s Llama 3.1 architecture and is optimised for traditional Chinese and Taiwanese language styles.
The EU’s bold Digital Markets and Services Acts set the stage for a transatlantic clash with the US over the regulation of tech giants. As Brussels pursues digital sovereignty, Washington…
Can the SDGs serve as guardrails for metaverse development? In Part 4 of her blog series, Dr Anita Lamprech examines how human rights, ethics, and digital policies must evolve alongside immersive technologies.
UNESCO’s Recommendation on the Ethics of Artificial Intelligence sets a global standard for AI governance. It provides a framework for policymakers to ensure AI development aligns with ethical and inclusive principles.
The Trump administration’s decision to stipulate a cyber peace with Russia marks a dramatic shift in US cyber strategy, reflecting certain diplomatic efforts to resolve the ongoing Russia-Ukraine conflict. The decision to halt offensive cyber operations against Russia, reportedly directed by National Security Adviser Pete Hegseth, has ignited debates over US national security, intelligence operations, and international cyber policy implications. Critics warn that the move weakens US cyber deterrence, emboldening adversaries like Russia to act with impunity, while proponents argue that de-escalation in cyberwarfare could improve diplomatic engagement.
The order to US Cyber Command to stop all ongoing cyber-offensive activities — as well as any planned activity — targeting Russian cyber infrastructure, which has often been linked to disinformation campaigns, espionage, and election interference, comes with other fundamental changes the Trump administration wants to implement to recalibrate US-Russia relations. The same Pete Hegseth, appointed under President Donald Trump as the US Secretary of Defence, played a key role in advocating for the policy shift, aligning it with Trump’s broader agenda of reducing hostilities with Moscow and prioritising direct diplomatic channels over covert cyber operations. Such a cybersecurity policy change is an extension of the administration’s reluctance to escalate confrontations with Russia, especially in cyberspace, which remains a critical battleground in modern geopolitical conflicts.
However, the decision provoked immediate backlash from lawmakers and national security experts. Senate Minority Leader Chuck Schumer labelled the move a ‘critical strategic mistake,’ arguing that an equally strong offensive capability must complement a robust cyber defence. Schumer’s concerns are echoed by a broader faction in Washington that sees this decision as a capitulation to Russian cyber aggression. In an era where cyberattacks have become a core instrument of statecraft, critics argue that the USA cannot afford to cede ground, particularly to a country accused of interfering in elections and orchestrating widespread cyberespionage.
Beyond domestic political implications, the halt of US cyber operations raises serious concerns for America’s allies. Representative Adam Smith, the Ranking Member of the House Armed Services Committee, has called for greater transparency on the matter, demanding clarity from the Pentagon on the policy’s scope and its impact on intelligence-sharing agreements with NATO partners. The USA has long played a leadership role in countering Russian cyber threats, and this policy shift introduces uncertainties for European allies who have relied on American cyber expertise to fortify their digital defences.
Despite mounting criticism, the Pentagon and the Cybersecurity and Infrastructure Security Agency (CISA) have downplayed the significance of the change. The US Department of Defense has officially denied the statements of the press. A senior defence official stated that the USA remains committed to defending its digital infrastructure and countering foreign cyber threats but emphasised that cyber policy adjustments should not be interpreted as a retreat from broader security commitments. However, scepticism remains about whether this is a calculated diplomatic manoeuvre or a strategic misstep that could embolden adversaries like Russia further to expand their cyber operations without fear of US retaliation.
The complexity in the US cybersecurity sector
Recent media coverage of the US government’s actions on cybersecurity with Russia has overlooked the complexity of the US cybersecurity sector. A potential halt in cyber operations against Russia, if implemented, would primarily impact US Cyber Command’s offensive operations, which focus on advancing US national interests and military objectives.
However, such measures would not affect the operations of CISA (Cybersecurity and Infrastructure Security Agency), which is responsible for domestic and civilian cybersecurity, or the NSA (National Security Agency), which handles intelligence gathering.
The US policy shift partially depicts the evolving dynamics of cyberwarfare, where offence and defence are deeply interconnected. Without an offensive cyber strategy, intelligence agencies may struggle to prevent threats, leaving the USA and its allies vulnerable to cyber incursions. Some experts fear this move could set a dangerous precedent, signalling to other adversaries, including China and Iran, that the USA is scaling back its cyber posture. So, we pose the question: Will the Trump administration’s decision ultimately improve diplomatic relationships or expose the USA to greater cyber vulnerabilities in an unstable digital battlefield, geopolitically speaking?
For more information on cybersecurity, digital policies, AI governance and other related topics, visit diplomacy.edu.
The closure of USAID has sparked debate on the future of soft power and public digital diplomacy in a world dominated by hard power. Questions arise about the relevance of…
In other news:
Microsoft retires Skype, focuses on Teams
Skype, the pioneering internet calling service that revolutionised communication in the early 2000s, will make its final call on 5 May, as Microsoft retires the platform after two decades.
Musk’s bid to halt OpenAI’s for-profit transition rejected
A US court has denied Elon Musk’s request for a preliminary injunction against OpenAI’s transition into a for-profit organisation.
The Trump administration is shifting its stance by no longer recognising Russia as a significant cyber threat to US national security, deviating from previous intelligence assessments. This change is communicated…
A landmark agreement to replace the outdated passport stamping process by collecting biometric data, including photos and fingerprints, from non-EU visitors.
The IMF emphasised that the government should not accrue Bitcoin or issue debt instruments tied to it in an effort to improve governance, transparency, and economic resilience while mitigating risks…
The start-up’s transparent approach includes insights into its cost management strategies, such as load balancing to optimise computing power and distribute work efficiently across servers and data centres.
UNESCO’s Recommendation on the Ethics of Artificial Intelligence sets a global standard for AI governance. It provides a framework for policymakers to ensure AI development aligns with ethical and inclusive principles.
In today’s digital world, protecting state data is essential. Data embassies, supported by the Vienna Convention, provide an innovative solution. Countries like Estonia and Monaco use them to enhance cybersecurity, ensuring data remains safe and secure.
The Amazons were real. DNA from warrior burials across the Eurasian steppes proves many were women. But what do they teach us about society? Aldo Matteucci examines.
Last week, the UN Open-Ended Working Group (OEWG) on the security of the use of information and communications technologies in 2021–2025 held its tenth substantive session, the penultimate session of the group before its mandate concludes in July of this year.
Tensions ran high since the first day, with attributions of cyberattacks and rights of reply denouncing those attributions taking centre stage. The states held tightly to their positions, largely unchanged since the last session in December 2024. The Chair pointed out that direct dialogue was lacking, with participants instead opting for a virtual town hall approach—circulating their positions and posting them on the portal, and reminded delegates that whatever decisions to be made would be made by consensus, urging them to demonstrate flexibility.
Ransomware, AI, and threats to critical infrastructure remain the biggest concerns of countries regarding the threat landscape. Even as countries don’t agree on an exhaustive list of threats or their sources, there is a strong emphasis on collective and cooperative responses such as capacity development and knowledge sharing to reduce the risk of these threats, as well as mitigate and manage them.
The long-standing debate between implementing existing norms and developing new ones continued. However, this session saw ASEAN countries take a more pragmatic approach, emphasising concrete steps toward implementing agreed norms while maintaining openness to discussing new ones in parallel. At the same time, the call from developing countries for greater capacity development gained momentum, underscoring the challenge of implementing norms without sufficient resources and support.
The discussions on international law have shown little progress in drawing closer between the positions states hold — there is still no consensus on the necessity of new legally binding regulations for cyberspace. There is also discord on how to proceed with discussing international law in the future permanent UN mechanism on cybersecurity.
Discussions on confidence-building measures (CBMs) were largely subdued, as few new CBMs were introduced, and states didn’t overly detail their POC Directory experience. Many states shared their CBM implementation, which is often linked to regional initiatives and best practices, showing eagerness to operationalise CBMs. It seems states now anticipate the future permanent mechanism to serve as the forum for detailed CBM discussions.
The Voluntary Fund and the Capacity-Building Portal have increasingly been regarded as key deliverables of the OEWG process. However, states remain cautious about the risk of duplicating existing global and regional initiatives, and a clear consensus has yet to emerge regarding the objectives of these deliverables.
States are still grappling with thematic groups and non-state stakeholder engagement questions in the future permanent mechanism. The Chair’s upcoming reflections and town halls will likely get the ball rolling on finding elements for the future permanent mechanism acceptable to all delegations.
Delegations have much to agree upon and exceedingly little time to do so. While this has been the mantra for the last two years, negotiations are now truly entering the eleventh hour, and consensus remains elusive. This spells trouble not just for the group’s final report, but also uncertainty for the future of UN cybersecurity discussions that the report will chart.
For more information on cybersecurity, digital policies, AI governance and other related topics, visit diplomacy.edu.
The Open-Ended Working Group (OEWG) on the security of and in the use of information and communications technologies in 2021–2025 will hold its seventh substantive session on 17-21 February 2025 in New York, the USA.
In other news:
Trump’s team considers tighter semiconductor trade restrictions on China with international cooperation
Donald Trump’s team is considering stronger semiconductor restrictions on China, expanding on measures introduced during Joe Biden’s presidency.
EU Commission proposes enhanced cyber crisis management framework
The EU Commission introduced a proposal aimed at strengthening the EU’s response to large-scale cyber attacks.
The EU Commission’s proposal seeks to boost cybersecurity cooperation among Member States through collaborative clusters, a common crisis management taxonomy, ongoing exercises, improved DNS strategies, and enhanced information sharing.
A new wave of competition is emerging against Elon Musk’s Starlink, with rivals like China’s SpaceSail and Jeff Bezos’s Project Kuiper entering the satellite internet market.
Despite being one of the world’s most influential platforms, YouTube remains shrouded in mystery. A team of researchers has devised an unconventional way to uncover hidden statistics, challenging the carefully…
Known for its cost-effective and innovative strategies, DeepSeek is challenging more expensive Western AI models by using efficient Nvidia hardware and advanced techniques like Mixture-of-Experts (MoE).
The OEWG’s tenth session in February 2025 saw states emphasise collective action against cyber threats, address divisions on norms implementation and binding regulations, highlight the Voluntary Fund and Capacity-Building Portal,…
These approaches illustrate a global shift towards embracing AI’s transformative potential while considering the ethical and societal implications, fostering international cooperation to future-proof technological advancements.
Augmented reality features like ‘Tabletop’ allow NBA fans to view matches from multiple angles, analyse performances in real time, and simulate alternative outcomes.
UNESCO’s Recommendation on the Ethics of Artificial Intelligence sets a global standard for AI governance. It provides a framework for policymakers to ensure AI development aligns with ethical and inclusive principles.
The closure of USAID marks an important shift in U.S. foreign policy, potentially weakening American soft power and leaving a vacuum that rivals like China may exploit. As global diplomacy evolves, questions arise about the future of influence, public diplomacy, and the role of digital networks in shaping international relations.
How ready are countries for the metaverse? Nations are taking different approaches – state-led, industry-driven, or hybrid models. Where does your country stand? Dr Anita Lamprecht explores.
Once, diplomacy was a game of kings, queens, and marriages. Now, it’s a world of sub-federal actors, corporations, NGOs, and diasporas. The ambassador is no longer the sole conduit of statecraft – just one node in a growing network. Aldo Matteucci writes.
The primary goal of this webinar is to provide a platform for dialogue, knowledge sharing, and collaboration among policymakers, tourism stakeholders, and digital technology experts.
A US federal judge has warned key members of the judiciary to remain vigilant against potential cyberattacks by foreign actors that could target election-related litigation. Judge Michael Scudder, who chairs the judiciary’s IT committee, highlighted the risks during a US Judicial Conference meeting, stressing the need for heightened security during the election season to guard against misinformation and interference attempts.
Scudder referenced recent warnings from United States intelligence agencies, which pointed to foreign adversaries using the upcoming elections as an opportunity to undermine trust in the government. He mentioned that while no current cyber threats targeting the judiciary have been identified, the courts could be at risk, especially with the possibility of election-related cases emerging in the near future.
The federal judiciary has faced cyberattacks before, with three foreign actors breaching the document-filing system in 2020. The incident led to changes in how sensitive documents are handled in lower courts. Scudder urged his colleagues to remain cautious, given that election-related litigation may again come before the courts in the upcoming election cycle.
Cybersecurity remains a concern across all branches of government, as both political campaigns and judicial systems are seen as targets for potential foreign interference. Intelligence agencies have reported recent cyber operations by foreign countries, including Iran, aimed at disrupting US elections.
The Australian gold mining company has confirmed it was targeted by a cyberattack last week, joining a growing list of domestic firms hit by similar breaches. The incident comes as Australia continues to grapple with a wave of cyber attacks that have exposed vulnerabilities in the country’s cyber security infrastructure. Although Evolution Mining has stated that the security breach has been contained, it has not provided further details about the extent of the damage or the nature of the attack.
The company has reported the incident to the Australian Cyber Security Centre, which has acknowledged the report but noted that Evolution Mining did not supply much information on the breach. Despite the attack, Evolution Mining assured that its operations would not be materially impacted. The Australian government has recently strengthened its cyber defences by increasing law enforcement funding and mandating the reporting of cyber attacks as part of a broader security overhaul.
Cyber crime has been on the rise in Australia, with reports increasing by nearly 25% in the year leading up to June 2023. The average cost to victims has also surged by 14%. Experts have pointed out that the country’s cyber security industry is under-resourced and may not be fully equipped to handle the growing threat. The increased collaboration between Australia, the US, and Britain under a new defence agreement has also made Australia a more prominent target for cyber attacks.
The attack on Evolution Mining echoes a series of breaches that have affected major Australian companies in recent years, including Optus, Woolworths, Medibank, DP World Australia and the Australian unit of Shell. These incidents have brought attention to the urgent need for stronger cyber defences as Australia continues to face significant digital security challenges.
Cybersecurity analysts are warning of escalating cyber threats targeting the Paris 2024 Olympics. FortiGuard Labs reports a significant surge in dark web activity targeting France, with an 80-90% increase from late 2023 to mid-2024. These threats are becoming more sophisticated, posing risks to attendees and organisers.
A significant concern is the proliferation of phishing kits designed for the Olympics in France, enabling cybercriminals to deceive users into divulging personal information or downloading malware. Fake ticketing platforms and fraudulent merchandise websites also present financial risks.
Hacktivist groups, particularly from Russia and Belarus, are exploiting the event’s international prominence to disrupt the Olympics for political purposes. Experts warn that these attacks could provoke real-world violence or disrupt the Games and democratic processes in France.
As the Olympics approach, experts emphasise the importance of robust cybersecurity measures. Organisations should implement advanced encryption, stringent access controls, regular security audits, end point protection, caution with public Wi-Fi, and multi-factor authentication (MFA).
The Centres for Medicare and Medicaid Services have announced the discontinuation of a program designed to assist Medicare providers and suppliers impacted by disruptions at UnitedHealth’s technology division, Change Healthcare.
Initiated in response to a hack at Change Healthcare on February 21st by threat actor ‘BlackCat’, the program will now cease accepting new applications as of July 12. It has distributed over $2.55 billion in expedited payments to 4,200 providers such as hospitals and $717.18 million to suppliers including doctors, non-physician practitioners and durable medical equipment suppliers, with a significant portion of these funds already recovered. Providers are now able to effectively submit claims to Medicare.
The cyber incident in February affected a key player in processing medical claims. The US Change Healthcare handles approximately half of all medical claims in the United States, serving about 900,000 physicians, 33,000 pharmacies, 5,500 hospitals, and 600 laboratories, adding to the growing cyber threat posed to the healthcare industry.
Denmark has raised its threat level for destructive cyber attacks from ‘low’ to ‘middle’ due to growing threats from Russia, the Danish Centre for Cyber Security (CFCS) announced on Tuesday. The new level, three on a five-level scale, indicates that while there are actors with the intention and capacity to carry out attacks, there are no specific indications of planned activity.
Defense Minister Troels Lund Poulsen highlighted the increased willingness of Russia to challenge NATO countries through various means, including sabotage and cyber attacks. Despite the heightened cyber threat, Poulsen emphasised that there is no direct military threat to Denmark, based on Danish Defence Intelligence Service assessments.
We’ve reported before that US authorities have been warning against imminent cyberattacks from Russia. This time, it’s the cybersecurity authorities from the Five Eyes – Australia, Canada, New Zealand, the UK, plus the USA – who are warning of the risk that cyberattacks are being planned against critical infrastructures in Ukraine and beyond.
The warning comes in a joint cybersecurity advisory, which refers to US intelligence that the Russian government may be exploring options for potential cyberattacks.
The advisory also notes that cybercrime groups that have recently publicly pledged support for the Russian government ‘have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people.’ The same threat exists for countries and organisations helping Ukraine.
