Latest news with #MaggieMiller
USA Today
3 days ago
- Business
- USA Today
What is No Buy July? We explain the trend that can save you money.
Recently, some friends invited Maggie Miller to bring her kids to a trampoline park for a play date. Another friend invited her and her husband out for dinner. Miller wanted to go to both events, but said no. She's trying to save money. Her family is participating in No Buy July, a growing trend on social media that encourages consumers to only buy the necessities and refrain from buying what is not needed. Those who are participating say it is a good challenge and a way to save. Financial experts say the exercise of purposefully controlling your spending is a good one with several benefits. What is No Buy July? No Buy July may have varying rules based on who is doing it, but essentially the challenge allows you to continue to spend on the items you need: food, gas, bills that need to be paid, home and unexpected medical expenses. But the discretionary items or trips to the store, or extra online shopping are off-limits, as are spending money on eating out. Or at least that's the goal. Some people say they have been successful at not buying extras and others say they've had "slip ups." No Buy July offers a pause on purchases Miller, who lives in Gilbert, Arizona with her husband and two young kids, has done no-spend weeks before. But No Buy July came at the right time, she said. "I was like 'Oh, that's catchy. I like it. And we had just a really spendy June," said Miller, explaining that her husband had been invited on a once-in-a-lifetime, last-minute trip and she had a baby shower that required travel. Their daughter's birthday – and birthday party – was also in June. Participating in No Buy July is a way to "force yourself to just press pause on purchases and ask 'Do we really need this?'" Miller told USA TODAY. "It really helps at the end of the month to look back or as you're going through the month to see 'Where are my spending habits? Where am I triggered to spend?' " Miller has been sharing her No Buy July experience on her Instagram account, MoneySavingMotherhood. She started the account about a year ago and said as a working mom with a family, she shares real-life tips for budgeting and saving money. Frugal mom has wins and losses Miller said because she is frugal and is not "constantly spending all the time," the No Buy July experience has not been too painful. But there have been moments, like when her girlfriend texted to ask if Miller and the kids wanted to go to a trampoline park, that it got a bit difficult. It was 115 degrees in Arizona and Miller said the thought of a fun activity in air conditioning was tempting. It was also hard to turn down a dinner invitation, she said. "It's hard to say no, but I think it's a good exercise to practice," she said. On her Instagram post for her second week of the challenge, Miller outlined her expenses: Be kind to yourself; "mess ups" are OK Miller said though she considers the thrift trip and purchase a "mess up," she won't give up on No Buy July, and encourages others to do the same if they encounter a setback. Miller said it should still be OK to forgive yourself and continue on. Even though she has an Instagram page about frugal living and budgeting, "I'm just as susceptible to treating myself to something," she said, adding that she tells herself, " 'Yeah, it was unnecessary but I did it and we're going to move on.' " Miller is vowing not to tempt herself by going near any thrift stores for the remainder of the challenge. "I know that's my pitfall," she said. Financial planners like No Buy July concept Kelly Renner, a certified financial planner in Augusta, Georgia, had not heard of No Buy July, but loves the concept and has encouraged clients to do similar exercises once in a while. "When you pay attention to your spending, you spend less. Even those who followed a budget and maybe just fell off, it is a good reset to do a challenge," Renner told USA TODAY. She'll also have spouses challenge each other to see who can save the most during a challenge. The con of a spending challenge, she said, "is if they have a life event happen out of their control, it can be more defeating mentally. But as long as they can overcome and try again it is still more of a win than a fail." Cash diet: We stopped using credit cards and saved money. An illustrated story of our cash stuffing Bill Shafransky, a certified financial planner in New Canaan, Connecticut, challenges people "to take this concept a step further and make this a permanent trend. You'd be surprised at how much extra money you'll have leftover at the end of the month." And Shafransky told USA TODAY that if people are going to follow a No Buy July concept, "you'll need to keep disciplined when August hits and you feel the urge to go buy everything you held off on. It's kind of like going on a super strict food diet. The cravings get so bad that when the diet is over, you indulge yet again. Don't let that happen." Encouraging others to do No Buy July Naomi Serviss of North Kingstown, Rhode Island already considers herself frugal. So she said she fully embraced No Buy July when she heard about it. "I hate shopping in stores and I just try to rein everything back and not buy things online," Serviss said. "It's a really great concept and I hope more people adopt it." Serviss regularly uses a local No Buy Facebook group to give away and get items. She's gotten such items as a bookshelf and a guitar holder. In July, Serviss is going to skip her once a month thrift store trip, timed for the 50% off discount "for a certain age group. I even put off looking for my mother-of-the bride's dress because I have time," she said, of her daughter's wedding in October. Serviss said she's been telling her friends and family to participate in No Buy July and they have been. Retailers are hit with consumer wariness Consumers are increasingly holding back on spending as they worry about inflation and tariffs and retailers are taking a hit, said Craig Rowley, senior client partner retail at Korn Ferry, a global human resources consulting firm. Rowley, who leads the firm's consulting retail practice for the U.S., said as he talks to retail executives, they don't know how to plan for business right now with so many uncertainties. Retailers are also completing their buying for the spring 2026 season and don't know how this Christmas season will go with tariff and inflation pressures, he said. "Retail is very much a function of consumer confidence. When people are happy and doing well, they're going to spend money. They're going to get their credit card out," Rowley told USA TODAY. "They're going to buy not only the things they need, but they're going to buy the things they want. When they're nervous and uncomfortable, then they're going to watch and see what happens. They're going to sit on their wallet." Rowley said there are other similar concepts to No Buy July like Frugal February, when consumers tighten their budgets after holiday spending. Any social movement, including shoppers who have been boycotting certain retailers for their rollbacks of diversity, equity and inclusion efforts, hurt retail sales, Rowley said. He hasn't heard his clients talk specifically about No Buy July, but "they're all more worried about the fact that it's been a slow year." Rowley thinks July will be a tough month for retailers since consumers are spending less and struggling financially, but retailers are expecting August to pick up with Back to School sales and purchases. Betty Lin-Fisher is a consumer reporter for USA TODAY. Reach her at blinfisher@ or follow her on X, Facebook or Instagram @blinfisher and @ on Bluesky. Sign up for our free The Daily Money newsletter, which will include consumer news on Fridays, here.
Business Wire
15-07-2025
- Business
- Business Wire
Four Coveted Honors at 2025 American Business Awards® Highlight Kinetic's Commitment to Customer Service
CHARLOTTE, N.C.--(BUSINESS WIRE)-- Kinetic, a leading fiber internet provider in 18 states, won a gold Stevie® Award for its customer portal and app in the 23 rd Annual American Business Awards®. Two golds and a silver were awarded for TechMate, an AI assistant developed for use by Kinetic's field techs. The honors demonstrate the company's commitment to enhancing the quality and service experience for residential and small-business customers, and delivering on its promise that customers can 'Internet better' with Kinetic. 'These accolades are a testament to the Kinetic team that works tirelessly every day to deliver the highest quality technology and best service for our customers,' said Russ Bartels, vice president of Digital Experience (DX), Data, and AI. 'The innovation we deploy, along with our dedicated local-teams, creates a better internet experience for our customers. We're honored to receive the awards, but even more honored to be the internet provider of choice for so many.' The following solutions were recognized: Earning gold was the Go Kinetic app – a customer portal and app that empowers users with control and convenience. Go Kinetic enables customers to personalize their internet, manage orders and tickets, access real-time support, manage payments, and stay updated on their service. Earning two golds and one silver in three separate categories was the pioneering use of generative AI (genAI) by field technicians. The new genAI tool called TechMate improves an already award-winning customer experience. By seamlessly connecting TechMate to Kinetic's internal installation and service systems, Kinetic field technicians are able to speed up installation times and validate customer technology. TechMate has transformed service from reactive troubleshooting to proactive support, ensuring faster, more accurate deployments, and enhanced customer experiences. More than 3,600 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration in a wide range of categories. More than 250 professionals worldwide participated in the judging process to select this year's Stevie Award winners. 'Organizations across the United States continue to demonstrate resilience and innovation,' said Maggie Miller, Stevie Awards president. 'The 2025 Stevie winners have helped drive that success through their innovation, persistence, and hard work. We congratulate all of the winners in the 2025 ABAs and enjoyed celebrating their achievements during our June 10 gala event in New York.' ### About Kinetic: Kinetic, a Windstream company, offers reliable fiber-based broadband to consumers and small to medium-sized businesses in 18 states. The company's quality-first approach connects customers to new opportunities and possibilities by delivering a full suite of advanced communications services backed by robust security and friendly customer success experts. Kinetic is focused on expanding its fiber network and bridging the digital divide to deliver modern solutions to customers in underserved areas. Additional information about Kinetic is available via our customer portal at or The company also offers managed cloud communications and security services to mid-to-large enterprises, government entities and educational institutions across the U.S. as well as customized wavelength and dark fiber solutions to carriers, content providers and hyperscalers in the U.S. and Canada. Windstream is privately held and headquartered in Little Rock, Ark. Category: Kinetic
Politico
14-07-2025
- Politics
- Politico
The ‘dual-edged sword' of AI chatbots
With help from Maggie Miller Driving the day — As large language models become increasingly popular, the security community and foreign adversaries are constantly looking for ways to skirt safety guardrails — but for very different reasons. HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! In between the DMV's sporadic rain this weekend, I managed to get a pretty gnarly sunburn at a winery. I'll be spending the rest of the summer working to fix the unflattering tan lines. Follow POLITICO's cybersecurity team on X at @RosiePerper, @johnnysaks130, @delizanickel and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X. Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories. Today's Agenda The House meets for morning hour debate and 2 p.m. to consider legislation under suspension of the rules: H.R. 1770 (119), the 'Consumer Safety Technology Act"; H.R. 1766 (119), the 'NTIA Policy and Cybersecurity Coordination Act"; and more. 12 p.m. Artificial Intelligence SKIRTING GUARDRAILS — As the popularity of generative artificial intelligence systems like large language models rises, the security community is working to discover weaknesses in order to boost their safety and accuracy. But as research continues identifying ways bad actors can override a model's built-in guardrails — also known as 'jailbreaking' — to improve safeguards, foreign adversaries are taking advantage of vulnerabilities in LLMs to pump out misinformation. 'It's extremely easy to jailbreak a model,' Chris Thompson, global head of IBM's X-Force Red Adversary Simulation team, told your host. 'There's lots of techniques for jailbreaking models that work, regardless of system prompts and the guardrails in place.' — Jailbreaking: Popular LLMs like Google's Gemini, OpenAI's ChatGPT and Meta's Llama have guardrails in place to stop them from answering certain questions, like how to build a bomb. But hackers can jailbreak LLMs by asking questions in a way that bypasses those protections. Last month, a team from Intel, the University of Illinois at Urbana-Champaign and Boise State University published research that found AI chatbots like Gemini and ChatGPT can be tricked into teaching users how to conduct a ransomware attack on an ATM. The research team used an attack method called 'InfoFlood,' which pumps the LLM with dense language, including academic jargon and fake citations, to disguise the malicious queries while still getting the questions answered. According to Advait Yadav, one of the researchers, it was a simple yet successful idea. 'It was a very simple test,' Yadav told your host. 'We asked, what if we buried … a really harmful statement with very dense, linguistic language, and the success rate was really high.' Spokespeople for Google and OpenAI noted to your host that the report focuses on older LLM models. A spokesperson for OpenAI told MC in a statement that the firm takes steps 'to reduce the risk of malicious use, and we're continually improving safeguards to make our models more robust against exploits like jailbreaks.' — Disinfo mission: And as university researchers find ways to sneak past these guardrails, foreign adversaries are, too. Rival powers like Russia have long exploited AI bots to push their agenda by spreading false information. In May 2024, OpenAI detailed how operations from Russia are using its software to push out false and misleading information about a variety of topics — including the war in Ukraine. 'These models are built to be conversational and responsive, and these qualities are what make them easy for adversaries to exploit with little effort,' said McKenzie Sadeghi, AI and foreign influence editor at the misinformation tracker NewsGuard. NewsGuard's monthly audits of leading AI models have repeatedly found that chatbots will generate false claims around state narratives from Russia, China and Iran with little resistance. 'When foreign adversaries succeed in manipulating these systems, they're reshaping the informational landscape that citizens, policymakers and journalists rely on to make decisions,' she added. — Boosting safeguards: As actors linked to foreign adversaries utilize the chatbots, the security community says they are working to keep up. 'The goal of jailbreaks is to inform modelmakers on vulnerabilities and how they can be improved,' Yadav told your host, adding that the research team plans to send a courtesy disclosure package to the model-making companies in the study. For Google's Gemini App, the firm runs red-teaming exercises to train models to defend against attacks, according to Elijah Lawal, the global communications manager for the Gemini App. 'This isn't just malicious threat actors using it,' Thompson told your host. 'There's also the security research community that is leveraging this work to do their jobs better and faster as well. So it's kind of a dual-edged sword.' On The Hill FIRST IN MC: QUESTIONS, CONCERNS — Rep. Raja Kristhnamoorthi (D-Ill.), ranking member of the House Select Committee on China, wants answers on how the State Department is working to prevent the use of AI-enabled impersonations of officials, following reports that Secretary of State Marco Rubio was the recent subject of an AI hoax. Krishnamoorthi will send a letter to Rubio today, first obtained by Maggie, asking questions around the agency's approach to countering AI-enabled impersonations, such as deepfake videos and voice recordings. This comes after The Washington Post reported last week that an imposter used these types of scams to pose as Rubio and contact foreign diplomats and U.S. lawmakers. Given his role on the China Committee, Krishnamoorthi is particularly interested in understanding how the State Department is studying and addressing the potential negative impact of deepfakes on the U.S.-China relationship, and whether the agency has a process for evaluating the authenticity of communications from Chinese and other foreign officials. 'While I currently have no information indicating this incident involved a foreign state, and hoaxers are equally capable of creating deceptive deepfakes like this given the proliferation of AI technologies, this incident presents an opportunity to highlight such risks and seek information about the department's efforts to counter them,' Rajnamoorthi wrote in the letter being sent today. When asked about the impersonations, Rubio reportedly told reporters in Malaysia last week that he uses official channels to communicate with foreign officials, in part due to the risk of imposters claiming to be him. The State Department put out a statement last week following the Post's report, noting that the agency is investigating the incident. China corner SUSPECTED BREACH — Suspected Chinese hackers have gained access to email accounts of advisers and attorneys at Wiley Rein, a top law firm in Washington, in an intelligence-gathering operation. CNN reported on Friday that the hackers linked to the breach 'have been known to target information related to trade, Taiwan and US government agencies involved in setting tariffs and reviewing foreign investment,' according to the firm. — Zoom out: This breach comes amid the Trump administration's trade war against China, which Wiley Rein helps its powerful clients navigate. The International Scene COME TOGETHER — Norway is joining the international initiative to boost Ukraine's cybersecurity defenses. Ukraine's Digital Transformation Ministry announced on Friday that Norway is also joining the Tallinn Mechanism and will provide Ukraine with 25 million Norwegian krone, or $2.5 million, to support the country's cyber defenses by the end of 2025. 'The Tallinn Mechanism is a key instrument of international support that helps Ukraine resist these attacks while building long-term digital resilience,' Norway's Foreign Minister Espen Barth Eide said in a statement. — Zoom out: Norway is the 12th country to join the Tallinn Mechanism — which includes Estonia, the United Kingdom, Germany, Canada and the U.S. The group was established in 2023 to coordinate private sector and government aid to Ukraine. Quick Bytes LOCATION, LOCATION, LOCATION — Bodyguards using fitness app Strava inadvertently made locations of Swedish leaders, writes Lynsey Chutel for The New York Times. 'HORRIFIC BEHAVIOR' — In a series of posts on X, the AI chatbot Grok apologized for 'horrific behavior' following a series of posts that included expressing support for Adolf Hitler, Anthony Ha reports for TechCrunch. Also Happening Today The Armed Forces Communications and Electronics Association holds the TechNet Emergency 2025 conference. 9 a.m. Chat soon. Stay in touch with the whole team: Rosie Perper (rperper@ John Sakellariadis (jsakellariadis@ Maggie Miller (mmiller@ and Dana Nickel (dnickel@
Politico
30-06-2025
- Politics
- Politico
Asleep at the cyber wheel
With help from Maggie Miller and John Sakellariadis Driving the day — Amid increased threats from Iranian hackers, lawmakers worry the Trump administration's cuts to federal cyber agencies have left critical infrastructure vulnerable. HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! To properly decompress from a long week, I like to turn to home-decorating shows. I recently discovered 'Decorating Cents,' a home improvement show from the '90s where host Joan and her co-conspirator of the week take a boring room and somehow make it worse. I can't recommend it enough. Follow POLITICO's cybersecurity team on X at @RosiePerper, @johnnysaks130, @delizanickel and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X. Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories. Happening This Week On Wednesday… The Election Assistance Commission holds a virtual meeting of the U.S. Election Assistance Commission technical development committee to discuss the draft of the Voluntary Voting System Guidelines 2.1 and the executive order to protect the integrity of American elections. 1 p.m. On The Hill DEEP CUT — Cyber experts and industry groups have been warning about the increased cybersecurity risks to U.S. networks since tensions erupted between Iran and Israel earlier this month. These concerns were heightened after the U.S. waded into the conflict by striking Iranian nuclear facilities directly last weekend. While a shaky U.S.-mediated ceasefire persists between Israel and Iran for now, lawmakers and former U.S. cyber officials are worried that U.S. networks remain vulnerable to threats from Iran due to the Trump administration's massive cuts to federal cyber agencies — particularly CISA, which was set up to protect U.S. critical infrastructure. 'Iranian cyber actors threaten critical infrastructure like water systems, power grids and hospitals — essential services that keep our communities running,' said Sen. Gary Peters (Mich.), the top Democrat on the Senate Homeland Security Committee, in a statement to MC. 'At a time when cybersecurity threats are only continuing to grow, the Trump administration's decision to cut staff at our lead cybersecurity agency puts us further at risk.' — What's the plan?: Frustrations are mounting on Capitol Hill over the Trump administration's role in the conflict with Iran and the inadequate protections to U.S. critical systems. The Trump administration briefed the House and Senate late last week on the latest intel related to Iran. A House staffer, granted anonymity to discuss the details of the classified briefing, told MC that cyber threats were not discussed during the briefing. Rep. Bennie Thompson (D-Miss.), ranking member of the House Homeland Security Committee, noted in a statement on Friday after the briefing that the DHS, the FBI and ODNI were 'noticeably absent' from the briefing. DHS warned last week of increased threats of 'low-level cyber attacks against US networks' by pro-Iranian hackers, while the FBI has reportedly reallocated resources from immigration enforcement to counter terrorism and cybersecurity in the aftermath of the strike. 'We are sensitive to any type of cyber activity that would impact our critical infrastructure, and right now we are certainly on heightened alert,' Sen. Mike Rounds (R-S.D.), the chair of the Senate Armed Services Committee's cyber panel, said in a statement to MC last week. — Missing leaders: These concerns are amplified by the lack of leadership at U.S. cyber agencies reeling from cuts to personnel and programs. Both CISA and the Office of the National Cyber Director remain without a Senate-confirmed leader at the helm. Rep. Eric Swalwell (D-Calif.), ranking member of the House Homeland Security Committee's cyber subcommittee, said at an Axios event in Washington on Thursday that the cyber threats from Iran 'should be a shield's up moment for CISA to project out to the cyber community.' 'We haven't seen that,' he said. 'I don't know if that's an intentional decision, or if it's because there is a lack of resources or a lack of Senate-confirmed individuals across our cybersecurity resources. That doesn't mean that Iran is any less capable or willing to hit us.' CISA — alongside the FBI, NSA and the Pentagon's Cyber Crime Center — finally released an updated fact sheet Sunday afternoon about the cyber threats to U.S. networks posed by Iranian-linked hackers. 'Over the past several months, Iranian-aligned hacktivists have increasingly conducted website defacements and leaks of sensitive information exfiltrated from victims,' the advisory said. 'These hacktivists are likely to significantly increase distributed denial of service campaigns against U.S. and Israeli websites due to recent events.' — Filling the gap: The cybersecurity community has stepped up to monitor and protect critical networks from harm, while federal outreach has lagged. Maggie reported that operators of critical infrastructure entities have turned to information sharing and analysis centers and other cyber firms and organizations for threat intelligence. As the private sector continues to fill the void, lawmakers are calling on the federal government to step up while the threats continue to grow. 'The current conflict with Iran might be taking place overseas, but that doesn't stop adversaries from working to target Americans in cyberspace,' said Rep. Mark Green (R-Tenn.), chair of the House Homeland Security Committee, in a statement last week. 'The federal government must ensure private owners and operators are prepared to combat nation-state threats, because industry can't counter these threats alone.' On The Hill POSTHUMOUS POSTING — The accounts for recently deceased lawmakers continue to post on social media, highlighting a gap in policy on how to keep tabs on who has access to the accounts. POLITICO's Giselle Ewing reported on Saturday that people on former Rep. Gerry Connolly's (D-Va.) mailing list reportedly continued receiving emails from his campaign encouraging Virginians to vote in a special election — though Connolly died last month. — Recordkeeping nightmare: There is no official process for handing off control of lawmakers' social media accounts if they die while in office, according to Zack Brown, the communications director for Rep. Don Young (R-Alaska) when he died in office in March 2022. While the process of physically closing down Young's office was 'meticulous,' with everything from the lawmaker's office requiring logging, the 'digital aspect of it was completely ignored,' he said. Brown cautioned that a lack of procedure for how to handle a dead official's social media accounts poses security risks that would normally be unthinking for physical recordkeeping. 'I can't walk into the National Archives right now and just go behind closed doors and take whatever files from Congressman Young that I want,' he said. 'Why does somebody who has social media access have that power to do that with tweets?' Industry Intel AIRLINE AIMS — Scattered Spider, the prolific hacking group linked to recent cyberattacks on U.K. retailers, is now targeting the aviation industry, according to law enforcement and the cybersecurity sector. On Friday evening, the FBI said in a post on X that the cybercriminal group is expanding its scope to the airline sector. 'They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,' the agency added. The warnings come as at least two North American airlines have reported cyber incidents this month. Hawaiian Airlines said last week that it was working to secure its systems following a 'cybersecurity event.' WestJet — Canada's second-largest airline — also reported a cyberattack earlier this month, and it remains unresolved. — What firms say: Maggie reported on Friday that cyber companies have also flagged the new activity. Charles Carmakal, the chief technology officer at Google's Mandiant, told your host in a statement that Mandiant 'is aware of multiple incidents in the airline and transportation sector which resemble the operations' of Scattered Spider. Palo Alto Networks' security research division, Unit 42, also said it observed the hacking group targeting aviation. People on the Move Cory Wilson will serve as deputy assistant secretary for the Office of Cybersecurity and Critical Infrastructure Protection (OCCIP). Wilson recently served as the assistant special agent in charge of critical systems protection at the U.S. Secret Service, where he led teams responsible for mitigating cyber threats to networks and infrastructure linked to the president and vice president. Prior to that, he served as the director of cybersecurity planning and operations at the Office of the National Cyber Director and has also held previous leadership roles at Treasury, Interpol, DHS and the Senate. Quick Bytes 'THE LOCKNET' — A yearlong investigation from ChinaFile's Jessica Batke and Northeastern University's Laura Edelson found that China's online censorship is getting harder to evade. COURT SLOP — Dozens of YouTube channels are using AI-generated images and videos with false claims about Sean 'Diddy' Combs' trial to pull in tens of millions of views, reports Craig Silverman for The Guardian. CARTEL HACKER — A hacker working on behalf of the Sinaloa drug cartel infiltrated cameras and phones to track an FBI official investigating the drug lord El Chapo. They then used the data from that surveillance to kill and intimidate potential sources or cooperating witnesses, according to a Justice Department watchdog report. Also Happening Today The Atlantic Council holds a virtual discussion on 'Bolstering the Transatlantic Partnership at a Global Inflection Point.' 7:45 a.m. The Federal Communications Bar Association holds a virtual forum on 'Protecting the Digital Infrastructure that Powers A.I.' 12 p.m. The Center for Strategic and International Studies holds a virtual discussion on 'What Do Strikes on Iran Mean for China, Russia and North Korea?' 3 p.m. Chat soon. Stay in touch with the whole team: Rosie Perper (rperper@ John Sakellariadis (jsakellariadis@ Maggie Miller (mmiller@ and Dana Nickel (dnickel@
Politico
16-06-2025
- Business
- Politico
Retail stores are getting hit hard by cyberattacks
With help from Maggie Miller and John Sakellariadis Driving the day — Cyberattacks against retailers around the world are on the rise, leaving some store shelves empty and customer data at risk. HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! To beat the gloomy weather this weekend, the Nickel household binged the 'Hunger Games' movies. I'm already excited for the next movie. Follow POLITICO's cybersecurity team on X at @RosiePerper, @johnnysaks130, @delizanickel and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X. Editor's Note: Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories. Today's Agenda The Senate Intelligence Committee holds a closed briefing on 'intelligence matters.' 4 p.m. Happening This Week On Tuesday — The Senate Judiciary Committee holds a hearing on 'Protecting Older Americans from Transnational Crime Networks.' 10:15 a.m. The Senate Appropriations Committee's Defense Subcommittee holds a closed hearing on proposed budget estimates for the intelligence community for fiscal year 2026. 10:30 a.m. On Wednesday — The Senate Intelligence Committee holds a closed hearing on 'intelligence matters.' 2:30 p.m. Industry Intel OUT OF STOCK — A recent spike of cyberattacks against major retailers in the U.S. and abroad is stoking fears that these breaches could seriously disrupt services and lead to less access to necessities like food or clothing. Last week, United Natural Foods Inc., one of the country's top food distributors and one of Whole Foods' largest partners, experienced a major cyberattack. In a filing with the SEC, the company stated that the attack affected its 'ability to fulfill and distribute customer orders,' leaving some store shelves temporarily barren. This attack on UNFI is just the latest in a string of attacks against the retail sector. Last week, Victoria's Secret announced that it had restored all of its systems after a cyberattack in May forced the company to pause online orders and temporarily take its website down. The North Face announced a breach earlier this month that had compromised thousands of customer accounts. In the U.K., retailer Marks & Spencer was hit with a cyberattack in May that hindered online shopping, and a cyberattack on grocery store chain Co-op led to empty shelves in some locations. — Operating with 'impunity': Retailers are prime targets for hackers due to the trove of valuable personal and financial data collected on customers. 'Retailers collect and store vast amounts of valuable personal and financial data, such as credit card numbers, payment details, home addresses and phone numbers,' said Fletcher Davis, senior security research manager at cybersecurity firm BeyondTrust. 'One breach can often yield a large amount of records that can be sold on dark web markets.' And similar to hackers targeting other areas like health care and education, these retail attacks are often carried out by ransomware gangs seeking a payout. 'Most cybergangs are geographically distributed and located in countries that have no reciprocal law enforcement agreements or cooperation with the United States,' said Darren Williams, founder and CEO of cybersecurity firm BlackFog, adding that the hacking groups are primarily linked to Russia and China. Bob Kolasky, senior vice president of critical infrastructure at cybersecurity firm Exiger, who previously served as the founding director of CISA's National Risk Management Center, told your host that the U.S. previously put pressure on nations that enabled ransomware activity, like Russia, to crack down on attacks from ransomware gangs — though it's unlikely they heeded the warnings. 'If you look at overall trends, it's really hard to see any evidence that these countries that we might consider adversarial have clamped down on ransomware activity,' Kolasky said. 'There's still a way too fertile ecosystem of ransomware actors who operate with some level of impunity.' — Real-world consequences: As these attacks grow more frequent, customers may notice more products missing from shelves and online ordering systems remaining down for weeks at a time. Williams told your host of the UNFI cyberattack that 'these kinds of incidents can disrupt critical logistics and jeopardize timely food access for millions.' These attacks can also leave customers' personal data exposed for future exploitation. James Turgal, vice president of global cyber risk, strategy and board relations at cybersecurity firm Optiv, told your host that the data collected by retailers can be attractive for nation-state threat actors to build 'comprehensive dossiers on U.S. citizens.' 'While retail data may not seem sensitive in isolation, in the hands of sophisticated threat actors, especially nation-states, it can become a powerful tool for intelligence, influence and cyberattack planning,' Turgal added. At the Agencies DATA-SHARING — The Department of Homeland Security now has access to personal data on millions of Medicaid enrollees, including their immigration status, as the Trump administration continues to ramp up deportations. The Associated Press reported on Saturday that the Centers for Medicare and Medicaid gave DHS access to data on people living in Washington, D.C., Illinois, Washington state and California — all places that allow non-U.S. citizens to enroll in Medicaid programs. — The big picture: The push is part of a broader effort by the Trump administration to provide DHS with data on immigrants. In April, the IRS agreed to share confidential taxpayer information — some of the most closely guarded data in the federal government — with DHS. As part of the agreement, immigration authorities can ask the IRS for information on undocumented immigrants, including their home addresses. The International Scene UNDER THE SEA — As China and Russia step up sabotage operations targeting undersea cables, a new report from the China Strategic Risks Institute found that the United Kingdom is unprepared to combat the growing threat. The report, out on Sunday, examined 12 incidents between January 2021 and April 2025 where U.K. authorities investigated alleged undersea cable sabotage. The majority of cases analyzed in the report found that Russia or China was directly linked to the alleged sabotage operations. The report also identified patterns that suggested possible coordination between China and Russia on undersea cable attacks — including Russian vessels in suspicious incidents near Taiwan and Chinese vessels in the Baltic Sea. — International data hub: Undersea cables are a big target for rival powers like China or Russia due to the massive amounts of data they carry. Around 99 percent of all data that moves around the world is transferred through undersea cables. The report identified the U.K. as a key hub in the Euro-Atlantic cable infrastructure, making it a likely target for future operations from Moscow or Beijing. AIRLINE ATTACK — Canada's second-largest airline is investigating a cyberattack that disrupted access to internal systems. WestJet said in a security alert on Friday that the airline is 'aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users.' The airline also said specialized internal teams are working with Transport Canada and law enforcement to investigate the breach and manage the impact. On Saturday, the airline issued an update that its operations 'remain safe and unaffected while we work towards resolving the situation.' Industry Intel STRENGTHENING POSTURE — As the conflict between Israel and Iran intensifies, cyber groups are urging U.S. businesses to prepare for the potential of increased cyberattacks from Iran. The Food and Agriculture Information Sharing and Analysis Center (Ag-ISAC) and the Information Technology Information Sharing and Analysis Center (IT-ISAC) issued a joint statement on Friday highlighting that Iranian state-sponsored hackers have previously targeted U.S. organizations in cyberspace during periods of heightened conflict. 'Even attacks not directly targeting the U.S. could have indirect effects and cause disruptions to companies in the U.S.,' the ISACs warned. 'Given the interconnectedness of networks, it is possible that cyber attacks targeting Israel itself could cause collateral damage to U.S. companies, even if the U.S. companies themselves are not the intended target.' Quick Bytes GENETIC DATA — As lawmakers sound the alarm over the fate of millions of Americans' genetic data in the wake of 23andMe's bankruptcy proceedings, TechCrunch's Aisha Malik breaks down how users can delete their data on the app. CYBERATTACKS CLIMB — Cybersecurity firm Radware reports that Israel's government websites, telecommunications firms and financial institutions are experiencing a spike in cyberattacks since the strike on Iran, The Jerusalem Post reports. Chat soon. Stay in touch with the whole team: Rosie Perper (rperper@ John Sakellariadis (jsakellariadis@ Maggie Miller (mmiller@ and Dana Nickel (dnickel@
