Retail stores are getting hit hard by cyberattacks

With help from Maggie Miller and John Sakellariadis
Driving the day
— Cyberattacks against retailers around the world are on the rise, leaving some store shelves empty and customer data at risk.
HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! To beat the gloomy weather this weekend, the Nickel household binged the 'Hunger Games' movies. I'm already excited for the next movie.
Follow POLITICO's cybersecurity team on X at @RosiePerper, @johnnysaks130, @delizanickel and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X.
Editor's Note: Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories.
Today's Agenda
The Senate Intelligence Committee holds a closed briefing on 'intelligence matters.' 4 p.m.
Happening This Week
On Tuesday — The Senate Judiciary Committee holds a hearing on 'Protecting Older Americans from Transnational Crime Networks.' 10:15 a.m.
The Senate Appropriations Committee's Defense Subcommittee holds a closed hearing on proposed budget estimates for the intelligence community for fiscal year 2026. 10:30 a.m.
On Wednesday — The Senate Intelligence Committee holds a closed hearing on 'intelligence matters.' 2:30 p.m.
Industry Intel
OUT OF STOCK — A recent spike of cyberattacks against major retailers in the U.S. and abroad is stoking fears that these breaches could seriously disrupt services and lead to less access to necessities like food or clothing.
Last week, United Natural Foods Inc., one of the country's top food distributors and one of Whole Foods' largest partners, experienced a major cyberattack. In a filing with the SEC, the company stated that the attack affected its 'ability to fulfill and distribute customer orders,' leaving some store shelves temporarily barren.
This attack on UNFI is just the latest in a string of attacks against the retail sector. Last week, Victoria's Secret announced that it had restored all of its systems after a cyberattack in May forced the company to pause online orders and temporarily take its website down. The North Face announced a breach earlier this month that had compromised thousands of customer accounts.
In the U.K., retailer Marks & Spencer was hit with a cyberattack in May that hindered online shopping, and a cyberattack on grocery store chain Co-op led to empty shelves in some locations.
— Operating with 'impunity': Retailers are prime targets for hackers due to the trove of valuable personal and financial data collected on customers.
'Retailers collect and store vast amounts of valuable personal and financial data, such as credit card numbers, payment details, home addresses and phone numbers,' said Fletcher Davis, senior security research manager at cybersecurity firm BeyondTrust. 'One breach can often yield a large amount of records that can be sold on dark web markets.'
And similar to hackers targeting other areas like health care and education, these retail attacks are often carried out by ransomware gangs seeking a payout.
'Most cybergangs are geographically distributed and located in countries that have no reciprocal law enforcement agreements or cooperation with the United States,' said Darren Williams, founder and CEO of cybersecurity firm BlackFog, adding that the hacking groups are primarily linked to Russia and China.
Bob Kolasky, senior vice president of critical infrastructure at cybersecurity firm Exiger, who previously served as the founding director of CISA's National Risk Management Center, told your host that the U.S. previously put pressure on nations that enabled ransomware activity, like Russia, to crack down on attacks from ransomware gangs — though it's unlikely they heeded the warnings.
'If you look at overall trends, it's really hard to see any evidence that these countries that we might consider adversarial have clamped down on ransomware activity,' Kolasky said. 'There's still a way too fertile ecosystem of ransomware actors who operate with some level of impunity.'
— Real-world consequences: As these attacks grow more frequent, customers may notice more products missing from shelves and online ordering systems remaining down for weeks at a time.
Williams told your host of the UNFI cyberattack that 'these kinds of incidents can disrupt critical logistics and jeopardize timely food access for millions.'
These attacks can also leave customers' personal data exposed for future exploitation.
James Turgal, vice president of global cyber risk, strategy and board relations at cybersecurity firm Optiv, told your host that the data collected by retailers can be attractive for nation-state threat actors to build 'comprehensive dossiers on U.S. citizens.'
'While retail data may not seem sensitive in isolation, in the hands of sophisticated threat actors, especially nation-states, it can become a powerful tool for intelligence, influence and cyberattack planning,' Turgal added.
At the Agencies
DATA-SHARING — The Department of Homeland Security now has access to personal data on millions of Medicaid enrollees, including their immigration status, as the Trump administration continues to ramp up deportations.
The Associated Press reported on Saturday that the Centers for Medicare and Medicaid gave DHS access to data on people living in Washington, D.C., Illinois, Washington state and California — all places that allow non-U.S. citizens to enroll in Medicaid programs.
— The big picture: The push is part of a broader effort by the Trump administration to provide DHS with data on immigrants.
In April, the IRS agreed to share confidential taxpayer information — some of the most closely guarded data in the federal government — with DHS. As part of the agreement, immigration authorities can ask the IRS for information on undocumented immigrants, including their home addresses.
The International Scene
UNDER THE SEA — As China and Russia step up sabotage operations targeting undersea cables, a new report from the China Strategic Risks Institute found that the United Kingdom is unprepared to combat the growing threat.
The report, out on Sunday, examined 12 incidents between January 2021 and April 2025 where U.K. authorities investigated alleged undersea cable sabotage. The majority of cases analyzed in the report found that Russia or China was directly linked to the alleged sabotage operations.
The report also identified patterns that suggested possible coordination between China and Russia on undersea cable attacks — including Russian vessels in suspicious incidents near Taiwan and Chinese vessels in the Baltic Sea.
— International data hub: Undersea cables are a big target for rival powers like China or Russia due to the massive amounts of data they carry. Around 99 percent of all data that moves around the world is transferred through undersea cables.
The report identified the U.K. as a key hub in the Euro-Atlantic cable infrastructure, making it a likely target for future operations from Moscow or Beijing.
AIRLINE ATTACK — Canada's second-largest airline is investigating a cyberattack that disrupted access to internal systems.
WestJet said in a security alert on Friday that the airline is 'aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users.' The airline also said specialized internal teams are working with Transport Canada and law enforcement to investigate the breach and manage the impact.
On Saturday, the airline issued an update that its operations 'remain safe and unaffected while we work towards resolving the situation.'
Industry Intel
STRENGTHENING POSTURE — As the conflict between Israel and Iran intensifies, cyber groups are urging U.S. businesses to prepare for the potential of increased cyberattacks from Iran.
The Food and Agriculture Information Sharing and Analysis Center (Ag-ISAC) and the Information Technology Information Sharing and Analysis Center (IT-ISAC) issued a joint statement on Friday highlighting that Iranian state-sponsored hackers have previously targeted U.S. organizations in cyberspace during periods of heightened conflict.
'Even attacks not directly targeting the U.S. could have indirect effects and cause disruptions to companies in the U.S.,' the ISACs warned. 'Given the interconnectedness of networks, it is possible that cyber attacks targeting Israel itself could cause collateral damage to U.S. companies, even if the U.S. companies themselves are not the intended target.'
Quick Bytes
GENETIC DATA — As lawmakers sound the alarm over the fate of millions of Americans' genetic data in the wake of 23andMe's bankruptcy proceedings, TechCrunch's Aisha Malik breaks down how users can delete their data on the app.
CYBERATTACKS CLIMB — Cybersecurity firm Radware reports that Israel's government websites, telecommunications firms and financial institutions are experiencing a spike in cyberattacks since the strike on Iran, The Jerusalem Post reports.
Chat soon.
Stay in touch with the whole team: Rosie Perper (rperper@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com), and Dana Nickel (dnickel@politico.com).

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Chicago Tribune

an hour ago

• Chicago Tribune

How Senate Republicans want to change the tax breaks in Trump's big bill

WASHINGTON — House and Senate Republicans are taking slightly different approaches when it comes to the tax cuts that lawmakers are looking to include in their massive tax and spending cuts bill. Republicans in the two chambers don't agree on the size of a deduction for state and local taxes. And they are at odds on such things as allowing people to use their health savings accounts to help pay for their gym membership, or whether electric vehicle and hybrid owners should have to pay an annual fee. The House passed its version shortly before Memorial Day. Now the Senate is looking to pass its version. While the two bills are similar on the major tax provisions, how they work out their differences in the coming weeks will determine how quickly they can get a final product over the finish line. President Donald Trump is pushing to have the legislation on his desk by July 4th. Here's a look at some of the key differences between the two bills: The child tax credit currently stands at $2,000 per child. The House bill temporarily boosts the child tax credit to $2,500 for the 2025 through 2028 tax years, roughly the length of President Donald Trump's second term. It also indexes the credit amount for inflation beginning in 2027. The Senate bill provides a smaller, initial bump-up to $2,200, but the bump is permanent, with the credit amount indexed for inflation beginning next year. Trump promised on the campaign trail that he would seek to end income taxes on tips, overtime and Social Security benefits. Also, he would give car buyers a new tax break by allowing them to deduct the interest paid on auto loans. The House and Senate bills incorporate those promises with temporary deductions lasting from the 2025 through 2028 tax years, but with some differences. The House bill creates a deduction on tips for those working in jobs that have customarily received tips. The House also provides for a deduction for overtime that's equal to the amount of OT a worker has earned. The Senate bill comes with more restrictions. The deduction for tips is limited to $25,000 per taxpayer and the deduction for overtime is limited to $12,500 per taxpayer. The House and Senate bills both provide a deduction of up to $10,000 for interest paid on loans for vehicles made in the United States. And on Social Security, the bills don't directly touch the program. Instead, they grant a larger tax deduction for Americans age 65 and older. The House sets the deduction at $4,000. The Senate sets it at $6,000. Both chambers include income limits over which the new deductions begin to phase out. The caps on state and local tax deductions, known in Washington as the SALT cap, now stand at $10,000. The House bill, in a bid to win over Republicans from New York, California and New Jersey, lifts the cap to $40,000 per household with incomes of less than $500,000. The credit phases down for households earning more than $500,000. The Senate bill keeps the cap at $10,000. That's a non-starter in the House, but Republicans in the two chambers will look to negotiate a final number over the coming weeks that both sides can accept. The House bill prohibits states from establishing new provider taxes or increasing existing taxes. These are taxes that Medicaid providers, such as hospitals, pay to help states finance their share of Medicaid costs. In turn, the taxes allow states to receive increased federal matching funds while generally holding providers harmless through higher reimbursements that offset the taxes paid. Such taxes now are effectively capped at 6%. The Senate looks to gradually lower that threshold for states that have expanded their Medicaid populations under the Affordable Care Act, or 'Obamacare,' until it reaches 3.5% in 2031, with exceptions for nursing homes and intermediate care facilities. Industry groups have warned that limiting the ability of states to tax providers may lead to some states making significant cuts to their Medicaid programs as they make up for the lost revenue in other ways. The Medicaid provision could be a flashpoint in the coming House and Senate negotiations. Sen. Josh Hawley, R-Mo., was highly critical of the proposed Senate changes. 'This needs a lot of work. It's really concerning and I'm really surprised by it,' he said. 'Rural hospitals are going to be in bad shape.' The House bill would allow companies for five years to fully deduct equipment purchases and domestic research and development expenses. The Senate bill includes no sunset, making the tax breaks permanent, which was a key priority of powerful trade groups such as the U.S. Chamber of Commerce. Republicans in both chambers are looking to scale back the clean energy tax credits enacted through then-President Joe Biden's climate law. It aimed to boost the nation's transition away from planet-warming greenhouse gas emissions toward renewable energy such as wind and solar power. Under the Senate bill, the tax credits for clean energy and home energy efficiency would still be phased out, but less quickly than under the House bill. Still, advocacy groups fear that the final measure will threaten hundreds of thousands of jobs and drive up household energy costs. The House bill would allow millions of Americans to use their health savings accounts to pay for gym memberships, with a cap of $500 for single taxpayers and $1,000 for joint filers. The Senate bill doesn't include such a provision. The House reinstates a charitable deduction for non-itemizers of $150 per taxpayer. The Senate bill increases that deduction for donations to $1,000 per taxpayer. Republicans in the House bill included a new annual fee of $250 for EV owners and $100 for hybrid owners that would be collected by state motor vehicle departments. The Senate bill excludes the proposed fees.

The Hill

an hour ago

• The Hill

‘Rising fragility': Therapy culture is fueling America's unrest

The unrest in Los Angeles isn't just about politics. It is a symptom of something deeper: a national collapse of resilience. Behind the protests lies a broader crisis, a fragile mindset that mistakes discomfort for danger, grievance for identity, and emotional reactivity for truth. New polling reveals a striking psychological divide: 45 percent of liberals report poor mental health, compared to just 19 percent of conservatives. This is not about ideology. It reflects two competing visions of how Americans are being taught to face adversity. As a psychotherapist practicing in New York City and Washington, D.C., I have seen firsthand how therapy has changed over the years. Once a tool for building resilience and fostering growth, it has increasingly become a system that rewards victimhood and reinforces vulnerability. Today's therapy culture pathologizes ordinary discomfort as trauma and treats accountability as incompatible with emotional safety. One woman told me her previous therapist urged her to quit a new job after only one week because it 'triggered' her. The real issue was difficulty taking directions. But instead of confronting it, the therapist simply validated her discomfort. Another patient was told that setting 'healthy boundaries' meant cutting off her entire family. No conversation, no healing — just isolation framed as progress. This is not therapy. It is enabling. This mindset goes well beyond the therapy room. It spills into classrooms, workplaces, media and now the streets. When people are conditioned to see themselves as perpetual victims and feel aggrieved, that inner turmoil eventually erupts into public unrest. Take the recent 'No Kings' protests, loosely organized around anti-monarchy themes. These demonstrations erupted across major cities without clear demands or coherent goals. They were not political movements, but emotional releases shaped by a culture that values validation over responsibility and reaction over resilience. In my practice, I see a growing pattern, especially among younger patients. Many now view the world through a rigid binary of safe versus unsafe, oppressor versus oppressed. While that lens may offer clarity, it ultimately stunts growth, fuels anxiety and deepens social division. Emotional strength is mistaken for aggression. Assertiveness is labeled harm. Coping is no longer a virtue. More concerning, this worldview is being institutionalized. From diversity, equity and inclusion training centered on personal grievance to college campuses where opposing views are treated as psychological threats, we are cultivating a generation that expects the world to adapt to their emotions rather than learning how to adapt to the world. The consequences are growing. A society that teaches its citizens to fear discomfort will falter when facing the essential demands of adulthood, leadership and civic duty. If this psychological trend persists, we will experience more unrest, greater dysfunction and a deeper breakdown of national unity — not from politics, but from a widespread failure to handle everyday challenges. Therapy's original promise was to prepare people for life's challenges. It taught that discomfort is part of growth and that personal responsibility is the path to healing. We must return to these principles. Therapists need to stop encouraging dependence and instead help patients develop real coping skills. Schools should teach grit and perseverance alongside empathy. Workplaces should reward accountability and resilience, not coddling. Media outlets should highlight stories of individuals overcoming adversity rather than celebrating grievance. If we do not course-correct soon, this fragile mindset will become the cultural norm. More young people will be paralyzed by adversity, institutions will prioritize emotion over reason, and communities will unravel under the strain of perceived harm. This rising fragility threatens the very foundation of our society. What is at stake is more than just mental health. It is the future of a society capable of facing hardship and solving problems together. America's strength has always come from its ability to persevere and overcome challenges. Without that strength, unrest will continue to grow, dividing us further. The unrest in Los Angeles is not simply another protest. It mirrors what's happening inside many Americans — a breakdown in coping, a decline in resilience and a confusion between emotions and reality. Our national mental health crisis is no longer confined to private sessions. It is playing out in public. Until we stop treating fragility as a virtue, America's unraveling will continue — in therapy offices, on college campuses and in the streets alike. Jonathan Alpert is a psychotherapist practicing in New York City and Washington, D.C., and author of the forthcoming book, 'The Therapy Trap.'

Politico

2 hours ago

• Politico

‘Great American battle' commemorated on 250th anniversary

NEW YORK — As the U.S. marks the 250th anniversary of the Battle of Bunker Hill, it might take a moment — or more — to remember why. Start with the very name. 'There's something percussive about it: Battle of Bunker Hill,' says prize-winning historian Nathaniel Philbrick, whose 'Bunker Hill: A City, A Siege, A Revolution' was published in 2013. 'What actually happened probably gets hazy for people outside of the Boston area, but it's part of our collective memory and imagination.' 'Few 'ordinary' Americans could tell you that Freeman's Farm, or Germantown, or Guilford Court House were battles,' says Paul Lockhart, a professor of history at Wright University and author of a Bunker Hill book, 'The Whites of Their Eyes,' which came out in 2011. 'But they can say that Gettysburg,D-Day, and Bunker Hill were battles.' Bunker Hill, Lockhart adds, 'is the great American battle, if there is such a thing.' Much of the world looks to the Battles of Lexington and Concord, fought in Massachusetts on April 19, 1775, as the start of the American Revolution. But Philbrick, Lockhart and others cite Bunker Hill and June 17 as the real beginning, the first time British and rebel forces faced off in sustained conflict over a specific piece of territory. A day-long reenactment of the battle got underway Saturday morning with the seaside city of Gloucester standing in for Charlestown. Organizers chose a state park some 35 miles (56 kilometers) from Boston to stage the battle because such activity is prohibited at the actual site. Hundreds of onlookers watched as sharpshooters positioned on a rocky outcropping fired upon red-coated British sailors landing in the harbor. During the actual battle, British soldiers responded by setting a fire to drive them off and used the smoke to mask their movements. Bunker Hill was an early showcase for two long-running themes in American history — improvisation and how an inspired band of militias could hold their own against an army of professionals. 'It was a horrific bloodletting, and provided the British high command with proof that the Americans were going to be a lot more difficult to subdue than had been hoped,' says the Pulitzer Prize-winning historian Rick Atkinson, whose second volume of a planned trilogy on the Revolution, 'The Fate of the Day,' was published in April. The battle was born in part out of error; rebels were seeking to hold off a possible British attack by fortifying Bunker Hill, a 110-foot-high (34-meter-high) peak in Charlestown across the Charles River from British-occupied Boston. But for reasons still unclear, they instead armed a smaller and more vulnerable ridge known as Breed's Hill, 'within cannon shot of Boston,' Philbrick says. 'The British felt they had no choice but to attack and seize the American fort.' Abigail Adams, wife of future President John Adams, and son John Quincy Adams, also a future president, were among thousands in the Boston area who looked on from rooftops, steeples and trees as the two sides fought with primal rage. A British officer would write home about the 'shocking carnage' left behind, a sight 'that never will be erased out of my mind 'till the day of my death.' The rebels were often undisciplined and disorganized and they were running out of gunpowder. The battle ended with them in retreat, but not before the British had lost more than 200 soldiers and sustained more than 1,000 casualties, compared to some 450 colonial casualties and the destruction of hundreds of homes, businesses and other buildings in Charlestown. Bunker Hill would become characteristic of so much of the Revolutionary War: a technical defeat that was a victory because the British needed to win decisively and the rebels needed only not to lose decisively. 'Nobody now entertains a doubt but that we are able to cope with the whole force of Great Britain, if we are but willing to exert ourselves,' Thomas Jefferson wrote to a friend in early July. 'As our enemies have found we can reason like men, now let us show them we can fight like men also.'