Latest news with #TechDecoded
Yahoo
2 days ago
- Business
- Yahoo
Victoria's Secret takes down US website after 'security incident'
Lingerie firm Victoria's Secret has taken down its US website and says it has halted some in-store services following what it has described as a "security incident". The normal site has been replaced by a customer notice which says it is "working around the clock to fully restore operations". It says its stores - and those of its spin-off, PINK - are still open for business. The company's UK website is unaffected. In a statement, the company detailed the action it has been taking. "We immediately enacted our response protocols, third-party experts are engaged, and we took down our website and some in-store services as a precaution," it said. It has not given any further details about the nature of the incident or confirmed when it began. The company which is based in Ohio, in the US, operates around 1,350 retail stores across 70 countries. Its share price fell by approximately 7% on Wednesday, when it first issued a media statement about the incident. Some customers have taken to social media to complain about the impact it is having on them. "How can I check my order status when your page has been down for 2 days?!? And no one answers the phone either!", wrote one on X. The incident at Victoria's Secret comes after a number of major UK retailers have been hit by major cyber attacks. M&S says it expects the hack it has been affected by will cost it around £300m, with disruption continuing until July. The Co-op experienced empty shelves and disrupted payments after it was hacked. Customer data has been stolen from both firms. The cyber criminals who say they were responsible told the BBC that they targeted the firms with ransomware, which involves scrambling IT systems and telling companies they will only be restored in exchange for payment. The police told BBC News that the crime gang Scattered Spider - some of whom are thought to be teenagers - are among the suspects. Vonny Gamot, from online protection company McAfee, recommended any affected customers should take immediate action such as changing passwords and enabling two-factor authentication on accounts that support it. She also said people should not wait to find out if they had been directly caught up in the cyber attacks. "Even if you haven't received notification from the brand or retailer which has been impacted, assume your information may have been compromised if you've been a customer," she said. "Companies often take weeks to identify all affected individuals." Indian IT giant investigates link to M&S cyber-attack When will I be able to shop online at M&S again? Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.
Yahoo
4 days ago
- Business
- Yahoo
Adidas says customer data stolen in cyber attack
Adidas has disclosed it's been hit by a cyber attack in which customers' personal information has been stolen. The sportswear giant said criminals had obtained "certain consumer data" which "mainly consists" of the contact information of people who had been in touch with its help desk. Adidas said passwords and credit card and other payment data were not compromised. "We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident," it said in a post on its website. It comes as retailers including Marks & Spencer and Co-op have been targeted in major cyber attacks. In their cases, the hacks severely compromised business operations - there is no indication anything similar has happened with Adidas. "Adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," the firm said. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts. "Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law." There have been several cyber incidents reported since April 2025, with some experts finding links between them. The BBC understands UK police are focusing on a notorious group of English-speaking hackers, known as Scattered Spider, as potentially being behind the M&S cyber attack. The same group is believed to have been behind hacks on the Co-op and Harrods, but it was M&S that suffered the biggest impact. M&S estimates the cyber-attack will cost the firm around £300m, equivalent to a third of its profit. There is no suggestion that this group is behind the data breach at Adidas. But the firm revealed earlier this month it had faced data breaches in other parts of its global empire - including its Turkish and South Korean arms. Indian IT giant investigates link to M&S cyber-attack M&S website back online, allowing users to browse Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.
Yahoo
21-05-2025
- Politics
- Yahoo
UK exposes Russian cyber campaign targeting support for Ukraine
The UK has exposed what it says is a "malicious cyber campaign" targeting multiple organisations, including those involved in delivering foreign assistance to Ukraine After a joint investigation with allies including the US, Germany and France, the UK's National Cyber Security Centre (NCSC) said a Russian military unit had been targeting both public and private organisations since 2022. These include organisations involved in supplying defence, IT services and logistics support. The security bodies of 10 Nato countries and Australia said Russian spies had used a combination of hacking techniques to gain access to networks. Some of the targets were internet-connected cameras at Ukrainian borders which monitored aid shipments going into the country. The report also says a rough estimate of 10,000 cameras were accessed near "military installations, and rail stations, to track the movement of materials into Ukraine. It adds the "actors also used legitimate municipal services, such as traffic cams." The Russian military unit blamed for the espionage is called GRU Unit 26165 but goes by a number of informal names, including Fancy Bear. The notorious hacking team is known to have previously leaked World Anti-Doping Agency data, and played a key role in the 2016 cyber-attack on the US's Democratic National Committee, according to security experts. "This malicious campaign by Russia's military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine," Paul Chichester, NCSC Director of Operations, said in a statement. "We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks," he added. Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.
Yahoo
02-05-2025
- Business
- Yahoo
Update that made ChatGPT 'dangerously' sycophantic pulled
OpenAI has pulled a ChatGPT update after users pointed out the chatbot was showering them with praise regardless of what they said. The firm accepted its latest version of the tool was "overly flattering", with boss Sam Altman calling it "sycophant-y". Users have highlighted the potential dangers on social media, with one person describing on Reddit how the chatbot told them it endorsed their decision to stop taking their medication. "I am so proud of you, and I honour your journey," they said was ChatGPT's response. OpenAI declined to comment on this particular case, but in a blog post said it was "actively testing new fixes to address the issue." Mr Altman said the update had been pulled entirely for free users of ChatGPT, and they were working on removing it from people who pay for the tool as well. It said ChatGPT was used by 500 million people every week. "We're working on additional fixes to model personality and will share more in the coming days," he said in a post on X. The firm said in its blog post it had put too much emphasis on "short-term feedback" in the update. "As a result, GPT‑4o skewed towards responses that were overly supportive but disingenuous," it said. "Sycophantic interactions can be uncomfortable, unsettling, and cause distress. "We fell short and are working on getting it right." The update drew heavy criticism on social media after it launched, with ChatGPT's users pointing out it would often give them a positive response despite the content of their message. Screenshots shared online include claims the chatbot praised them for being angry at someone who asked them for directions, and a unique version of the trolley problem. It is a classic philosophical problem, which typically might ask people to imagine you are driving a tram and have to decide whether to let it hit five people, or steer it off course and instead hit just one. But this user instead suggested they steered a trolley off course to save a toaster at the expense of several animals. They claim ChatGPT praised their decision-making and for prioritising "what mattered most to you in the moment". lmao the new gpt 4o😬😂 — fabian (@fabianstelzer) April 27, 2025 "We designed ChatGPT's default personality to reflect our mission and be useful, supportive, and respectful of different values and experience," OpenAI said. "However, each of these desirable qualities like attempting to be useful or supportive can have unintended side effects." It said it would build more guardrails to increase transparency and refine the system itself "to explicitly steer the model away from sycophancy". "We also believe users should have more control over how ChatGPT behaves and, to the extent that it is safe and feasible, make adjustments if they don't agree with the default behavior," it said. ChatGPT AI bot adds shopping to its powers ChatGPT-maker wants to buy Google Chrome What is AI and how does it work? Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.
Yahoo
30-04-2025
- Business
- Yahoo
Co-op fends off hackers as police probe M&S cyber attack
The Co-op has shut down parts of its IT systems in response to hackers attempting to gain access to them. It said the "proactive measures" it had taken to fend off the attack had had a "small impact" on its call centre and back office. Meanwhile, The Metropolitan Police has confirmed it's looking into the major cyber attack at fellow retailer Marks & Spencer (M&S). "Detectives from the Met's cyber crime unit are investigating," it said in a statement. It is not known whether there is any link between the two incidents. There are more than 2,500 Co-op supermarkets in the UK, as well as 800 funeral homes. It also provides food to Nisa shops. A spokesperson confirmed its shops and funeral homes were operating as usual following the attempted hack. "We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period," they said. "We are not asking our members or customers to do anything differently at this point." It comes as M&S enters the second week of a cyber attack that has caused chaos costing it millions of pounds in lost sales. The retailer has not said what took out its online ordering systems and left empty shelves in stores. Ciaran Martin, the founding Chief Executive of the National Cyber Security Centre (NCSC), told the Today programme on BBC Radio 4 on Wednesday it had "serious" consequences for M&S. "It is a highly disruptive event and a very difficult one for them to deal with," he said. Experts have told the BBC they believe the cyber attack affecting M&S is a result of ransomware called DragonForce. Ransomware is malicious software which locks an owner out of their computer or network and scrambles their data - with the criminals demanding a fee to unlock it. It is not known whether the Co-op discovered the hacking attempt as a result of any extra security checks following the cyber attack on its high street rival. Dan Card, cyber expert at BCS, the chartered institute for IT, said it was "very rare" for a firm to take systems offline after an attempted hack. "Taking systems offline is typically indicative of either a loss of control or to defend against a zero day where no patch is available," he said. A "zero day" is a term for a vulnerability in a computer system which its owners don't know about - meaning anybody can exploit it. There have been similar hacking attempts on supermarket chains in the past, with Morrisons being impacted by an incident in December 2024. Meanwhile, the banks Barclays and Lloyds were hit by outages earlier in 2025. Cyber attack on M&S leads to click and collect delays M&S customers in limbo as cyber attack chaos continues Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.
