U.S. government contractor Conduent, which provides technology to support services such as child support and food assistance, has confirmed that a recent outage was caused by a cybersecurity incident. 

Conduent confirmed the disruption, which left some U.S. residents without access to support payments, to TechCrunch on Tuesday but declined to say whether the outage was related to a compromise of its systems. 

In an updated statement sent to TechCrunch on Wednesday, Conduent spokesperson Sean Collins confirmed that the disruption was due to a “due to a cybersecurity incident”, the nature of which was not confirmed. 

“This incident was contained and all systems have been restored,” Collins said. “Maintaining system integrity and functionality is as important to us as it is to our clients.”

Collins declined to share any further details about the incident, including whether the company was aware of any data exfiltration.

Almost four years to the day since his father was taken into custody for his part in the January 6 Capitol riot, Jackson Reffitt watched in complete shock as President Donald Trump signed an executive order that pardoned and commuted sentences for his father and some 1,500 other insurrectionists.

Reffitt has spent most of the last four years in hiding, constantly on the move every few months. He was the person who tipped off the FBI about his father’s involvement in the insurrection. Jackson’s father, Guy Reffitt, was a member of the Texas Three Percenter group when he stormed the Capitol wearing body armor and carrying a pistol and zip ties. He was caught on camera urging other rioters to storm the Capitol building and told members of his militia group that he intended to drag House Speaker Nancy Pelosi out of the building by her ankles, “with her head hitting every step on the way down.”

“Trump himself has given him a presidential pardon to let him be free. That validation is a once-in-a-lifetime kind of experience that he’s never going to get again,” Reffitt tells WIRED. “I can’t imagine what he’s going to be willing to do now. It could get a whole hell of a lot worse.”

Reffitt is “terrified” about what is going to happen next, and has armed himself with a handgun and a rifle to protect himself and his boyfriend. Over the last few years, he has been targeted, harassed and threatened online.

Since Trump pardoned everyone, the threats are becoming even more intense.

“[In the last 24 hours] it’s gotten worse than ever,” Reffitt tells WIRED. “I think just because, yet again, the validation that Trump is bringing is just making people a whole lot more emboldened to just say some vile, disgusting shit.”

Reffitt is not the only family member of a released January 6 prisoner who is concerned about the fallout from Trump’s blanket pardons. Tasha Adams, the ex-wife of Oath Keeper leader Stewart Rhodes who had his 22-year sentence for seditious conspiracy commuted by Trump, is also worried about what might happen. “Stewart is out of prison now and, frankly, I could really use a bit of a run fund, in case it comes to that,” Adams wrote on her GoFundMe page on Tuesday, hours after her ex-husband was released from prison.

The investigation into the January 6, 2021 attack on the Capitol became the biggest in Justice Department history, and left many far-right militia groups in the country in ruins. But with a single pen stroke on Monday night, Trump has reinvigorated the militia movement, freeing their most prominent figures, including Rhodes and Proud Boy leader Enrique Tarrio.

“One of things I’m most concerned about is the risk of groups that were decimated after J6 coming back stronger, especially since many of them had their sentences commuted or were outright pardoned,” says Luke Baumgartner, a research fellow at George Washington University’s Program on Extremism. “I wouldn’t be shocked if the Oath Keepers began making more appearances, and seeing the Proud Boys accelerate their culture war tactics, especially against the LGBTQ community, like we’ve seen before. Their leaders are free, they have a lot to catch up on, and they are likely feeling vindicated.”

Got a Tip?

Are you a family member of a January 6 prisoner who is being released? We’d like to hear from you. Using a nonwork phone or computer, contact David Gilbert at david.gilbert@wired.com or securely on Signal on DavidGilbert.01

Guy Reffitt was the first rioter to go on trial for his actions on January 6 and initially received a sentence of seven years and three months, which was reduced by seven months in December after a Supreme Court ruling that led to the dismissal of an obstruction charge against him.

“I’m a very strong Patriot, with fabulous support from Patriot Warriors, as we navigate troubled waters,” Reffitt wrote to one acquaintance from jail in a text message submitted by the prosecution at his December resentencing.

A plan to build a system of data centers for artificial intelligence has been revealed in a White House press conference, with Masayoshi Son, Sam Altman, and Larry Ellison joining Donald Trump to announce The Stargate Project. Their companies, Softbank, OpenAI, and Oracle (respectively), along with MGX are listed as “initial equity funders” for $500 billion in investments over the next four years, “building new AI infrastructure for OpenAI in the United States.”

According to a statement from OpenAI, “Arm, Microsoft, NVIDIA, Oracle, and OpenAI” are the initial tech partners, with a buildout “currently underway” starting in Texas as other sites across the country are evaluated. It also says that “Oracle, NVIDIA, and OpenAI will closely collaborate to build and operate this computing system.”

It’s only January, but the recent hack of U.S. edtech giant PowerSchool has the potential to be one of the biggest breaches of the year. 

PowerSchool, which provides K-12 software to more than 18,000 schools to support some 60 million students in the United States, confirmed the breach in early January. The California-based company, which Bain Capital acquired for $5.6 billion in 2024, said at the time that hackers used compromised credentials to breach its customer support portal, allowing further access to the company’s school information system, PowerSchool SIS, which schools use to manage student records, grades, attendance, and enrollment. 

“On December 28, 2024, we became aware of a potential cybersecurity incident involving unauthorized access to certain PowerSchool SIS information through one of our community-focused customer portals, PowerSource,” PowerSchool spokesperson Beth Keebler told TechCrunch. 

PowerSchool has been open about certain aspects of the breach. Keebler told TechCrunch that the PowerSource portal, for example, did not support MFA at the time of the incident, while PowerSchool did. But a number of important questions remain unanswered.

This week, TechCrunch sent PowerSchool a list of outstanding questions about the incident, which has the potential to impact millions of students in the U.S. Keebler declined to answer our questions, saying that all updates related to the breach would be posted on the company’s SIS incident page, which hasn’t been updated since January 17.

PowerSchool told customers it would share an incident report from cybersecurity firm CrowdStrike, which the company hired to investigate the breach, on January 17. But several sources who work at schools impacted by the breach told TechCrunch that they have yet to receive it.

The company’s customers also have lots of unanswered questions, forcing those impacted by the breach to work together to investigate the hack. 

Here are some of the questions that remain unanswered. 

It’s not known how many schools, or students, are affected

TechCrunch has heard from schools affected by the PowerSchool breach that the impact could be “massive.” However, PowerSchool’s incident page makes no mention of the scale of the breach, and the company has repeatedly declined to say how many schools and individuals are affected. 

In a statement sent to TechCrunch last week, Keebler said PowerSchool had “identified the schools and districts whose data was involved in this incident,” but would not be sharing the names of those involved. 

However, communications from impacted school districts give a general idea of the size of the breach. The Toronto District School Board (TDSB), Canada’s largest school board that serves approximately 240,000 students each year, said this week that hackers may have accessed some 40 years’ worth of student data. Similarly, California’s Menlo Park City School District confirmed that hackers accessed information on all current students and staff — which respectively number around 2,700 students and 400 staff — as well as students and staff dating back to the start of the 2009-10 school year.

The scale of the data theft is also unknown. PowerSchool also hasn’t said how much data was accessed during the cyberattack, but in a communication shared with its customers earlier this month, seen by TechCrunch, the company confirmed that hackers stole “sensitive personal information” on students and teachers, including some students’ Social Security numbers, grades, demographics, and medical information. TechCrunch has also heard from multiple schools affected by the incident that “all” of their historical student and teacher data was accessed. 

One person who works at an affected school district told TechCrunch that the stolen data includes highly sensitive student data, including information about parental access rights to their children, including restraining orders, and information about when certain students need to take their medications. 

PowerSchool hasn’t said how much it paid the hackers responsible for the breach

PowerSchool told TechCrunch that the organization had taken “appropriate steps” to prevent the stolen data from being published. In the communication shared with customers, the company confirmed that it worked with a cyber-extortion incident response company to negotiate with the threat actors responsible for the breach. 

This all but confirms that PowerSchool paid a ransom to the attackers that breached its systems. However, when asked by TechCrunch, the company refused to say how much it paid, nor how much the hackers demanded.

We don’t know what evidence PowerSchool received that the stolen data has been deleted

In a statement shared with TechCrunch earlier this month, PowerSchool’s Keebler said the organization “does not anticipate the data being shared or made public” and that it “believes the data has been deleted without any further replication or dissemination.”

However, the company has repeatedly declined to say what evidence it has received to suggest that the stolen data had been deleted. Early reports said the company received video proof, but PowerSchool wouldn’t confirm or deny when asked by TechCrunch. 

Even then, proof of deletion is by no means a guarantee that the hackers are still not in possession of the data; the U.K.’s recent takedown of the LockBit ransomware gang unearthed evidence that the gang still had data belonging to victims who had paid a ransom demand. 

We don’t yet know who was behind the attack

One of the biggest unknowns about the PowerSchool cyberattack is who was responsible. The company has been in communication with the hackers but has refused to reveal their identities. CyberSteward, the Canadian incident response organization that PowerSchool worked with to negotiate, did not respond to TechCrunch’s questions.

Do you have more information about the PowerSchool data breach? We’d love to hear from you. From a non-work device, you can contact Carly Page securely on Signal at +44 1536 853968 or via email at carly.page@techcrunch.com.

When it comes to protecting yourself online, having a secure password has been the default recommendation. However, you may be surprised to know that having a secure username is just as important as using a strong password.

Serving as your identity online, usernames are prized assets for hackers to acquire. Even if they’re not as coveted as your passwords, they can be used to get hold of your online data.  In this sense, it’s essential to craft a unique and safe username that will keep your accounts away from threat actors and prying eyes.

In this article, we discuss what a username is, why it’s important to have a unique and secure username, and some tips and tricks to get there.

What is a username?

A username is a group of characters that serve as your identity for an account or service, either in a computer system or on the internet. They’re also called login names, user IDs, login IDs, and account names.

As identifiers, usernames help distinguish and set you apart from other people or accounts. This is in contrast to passwords, which are used to authenticate or verify that you are who you say you are when logging into an account.

Below is a quick description of both and their main difference:

• Usernames: Identifies who you are, either in a computer, a network, an online service, or an application.
• Passwords: Authenticates or confirms that you are who you claim to be, enabling you access to an account after it’s correctly provided.

These days, most online sites, social media networks, games, and applications require a username before you can continue using their service. Some websites allow you to use your email address as a username, but that isn’t always the case and, at times, isn’t the recommended practice.

SEE: SMB Security Pack (TechRepublic Premium)

Why is it important to create a secure username?

While it seems like a no-brainer to have a strong password, having an equally secure username is crucial for these reasons:

They’re often included in data leaks and breaches

In a massive data breach, a hacker aims to get as much information on you as possible. This means they not only target passwords but also eye your phone number, address, email, and of course, your username.

Since usernames and passwords go hand-in-hand, a hacker having your username technically means they have 50% of your login credentials. This makes it significantly easier for cybercriminals to use strategies like brute force attacks or credential stuffing, i.e., a high-powered form of trial and error, to try and steal your account.

Usernames are public information

It’s essential to remember that most usernames are available to the public because they act as identifiers. Think about your business’ LinkedIn account, your Amazon account, or even your personal username for gaming. All of these can be viewed by both you, other people, and hackers alike. In this regard, they don’t have the same type of security as passwords regarding private information.

With this, I strongly recommend creating unique usernames for each account you have. Why? Let’s say you regularly use one username for many of your accounts — including your email address. Here, hackers can use your public username to track down all your other accounts. This leaves you highly susceptible to social engineering tactics, scams, or phishing attempts.

They can help build your anonymity online

While usernames are public, they don’t necessarily have to include your full name. In this regard, having a secure username can be a great way for you to strengthen your online privacy. If you do it right, no one technically knows which username is tied to your account. This allows you to browse the internet without worrying about others looking into what you’re doing online.

Another way usernames can help strengthen privacy is by using them to separate your work and personal life online. Like the example above, you can use a completely different username for your personal accounts. This allows you to keep your personal feed private and maintain your business account at the same time.

How do I create a secure username?

Fortunately, creating a secure username can be a straightforward process, provided you follow some key steps. Here’s what I recommend:

1. Avoid including your full name, address, or other personal information

Most accounts, except work accounts perhaps, won’t require you to use your full name — and for good reason. Having your name in your username will make it much easier for hackers to identify you and subsequently find your other accounts.

For example, if both your name is John Doe and you have “JohnDoe” as your Amazon account, it would be a breeze for cybercriminals to put two and two together and conclude that this Amazon username is yours.

Similarly, any personally identifiable information also shouldn’t be in your username, as you’re inadvertently giving hackers more data to work with to hack your account.

Here’s a list of data you should definitely avoid including in your username:

• Date of birth.
• Address.
• Email address.
• Phone number/s.
• ID numbers or PINs.
• Social security number.
• Your hometown.

Remember, since usernames are public info, hackers have the same access to them as you do. If you include something like your home address in your username, a savvy hacker can use it to their advantage and possibly target you.

Hackers can also use any personal info you have in your username to answer security questions. These questions are safeguards placed in most online services that help authenticate your identity and allow you to retrieve or reset your password when needed.

To illustrate, let’s say your username is JohnDoeAug11. In this instance, a hacker can assume that “Aug11” is your date of birth. In theory, this means the hacker now has both your name and your birthday.

If you have an online account, that has a security question asking what your birthday is, they would now be able to unlock your account or login credentials without you knowing.

2. Don’t reuse usernames for other accounts

It’s worth emphasizing that you should avoid reusing usernames when creating a new account. Using a new, unique username every time you make a new account drastically reduces the likelihood of your accounts being hacked.

While this can be inconvenient, I do think the additional layer of security you provide your accounts with this practice is very much worth it.

In addition, I also discourage merely revising old usernames or slightly modifying them. Why so? Let’s take for example, having the username “techrepublic1.”

If we change it to something like “techrepublic2,” this still leaves you at great risk of being compromised since hackers can readily sift through different variations of your username when they try to acquire your credentials.

Steering clear of repeating used login details is the same practice recommended when creating a new password. If you’re curious about how to have a strong password, check out our How to Create a Secure Password guide.

3. Make it memorable for you but hard to guess for everyone else

Now that we’ve gone through some things not to do, let’s see how we can actually create a unique username from scratch. Since usernames can be anything under the sun, one way to do it is to use a combination of words that mean something to you and only you.

I strongly suggest mixing words or phrases that mean something to you but can be hard for anyone else to guess. Here are some ideas to think of when creating your unique username:

• Your hobbies or interests.
• Your characteristics or personality.
• Your favorite items.
• Old nicknames or pet names.
• Favorite movies, games, or TV shows.

Let’s say your favorite animal is a dolphin, and you’re quite fond of pizza. For you, maybe “pizzadolphin37” as a username is a good pick.

It’s also encouraged to add in random characters, like symbols or numbers, at your discretion. Just make sure you’re able to remember it well.

4. Ensure your username and password are unrelated

Another thing to remember is to ensure your username and password are two completely unrelated words. While this may seem obvious, having a username-password combo that connects somehow is a recipe for disaster.

Below is an example of login credentials that relate to each other:

• Username: RosesAreRed.
• Password: VioletsAreBlue.

Even if having related login details helps remember them, it’s important to acknowledge that both hackers and their tools have evolved. Such a combination would not be difficult to crack for hackers and threat actors, much less more experienced ones at that.

5. Use a random username generator

Finally, you can also use online username generators that will automatically create a username for you. Many of these username generators let you set specific parameters for your username, such as how many characters it has, what type of words are used if it’s random text or an actual phrase, and the like.

Below are some online username generators I’ve seen that provide a fair amount of options and settings you can tweak to get your desired username:

A handful of password managers also have username generators you can use, such as 1Password and Bitwarden. I’ll be listing these password managers, and more details about them are below to better understand which ones to go for.

6. Have a secure way to store them, such as via a password manager

As we’ve touched on them, password managers can be worthwhile investments in storing and securing unique usernames. Aside from storing passwords, password managers are also designed to automatically store all the usernames you use for each account. This means you won’t have to think about remembering all your usernames, as the password manager does for you.

Most modern password managers also include autofill capabilities, which removes the hassle of remembering the specific username and password for each account. With autofill, password managers will automatically populate the login form fields for you.

Password managers with username generators

If you’re interested in trying out a password manager service, here are three that I find are worth checking out.

Fortunately, all three password managers below offer a username generator either within the app or via their official website, so you’ll have no trouble creating a unique username with any of them.

Bitwarden

If you’re looking for a fully free password manager, Bitwarden is one of the best. Its free plan provides unlimited password storage, which is a big plus considering other free password managers impose a cap on how many passwords can be stored. Bitwarden Free also enables access to an unlimited number of devices, letting you access your encrypted vault from any device. Privacy enthusiasts also appreciate Bitwarden for being open-source and having a strong portfolio of third-party audits.

To learn more, read our full Bitwarden review.

1Password

For users that prioritize having a streamlined user experience, I recommend 1Password. Its desktop application and browser extension both have polished designs, making it easy to manage numerous passwords and accounts. On the security side, 1Password employs a zero-knowledge approach, ensuring all your sensitive credentials are only accessible to you alone. 1Password accounts are also end-to-end encrypted and use AES-256 encryption, the gold standard encryption algorithm in the industry today.

To learn more, read our full 1Password review.

NordPass

If you’re a fan of NordVPN and looking for a companion password manager, NordPass should be on your radar. As Nord Security’s take on password management, NordPass takes a lot of cues from their popular VPN in providing a strong balance between having a clean UI without sacrificing overall security. It uses the “future-proof” XChaCha20 encryption algorithm; offers a refined and modern-looking desktop app; and provides a reasonable amount of multifactor authentication methods as well. I personally appreciate its subscription options, having both a free version and either an annual or two-year paid plan.

To learn more, read our full NordPass review.

So you need to send some money. Maybe you want to slip a couple of $20 bills in a birthday card. Maybe it’s a larger payment for some not-at-all-sketchy, off-the-books services rendered. Either way, it can be a pain to send paper money without having to worry that it might mysteriously slip out of your envelope into someone else’s pocket.

“Sending cash physically via mail or something is probably one of the least efficient options for moving money around,” says Kevin L. Matthews, a financial advisor who has offered money advice for WIRED before. “It’s not necessarily something that I would recommend.”

The problem, he says, is that if something goes wrong and the cash goes missing, there’s really nothing you can do about it. There are better ways to transfer finances, but if you absolutely have to get your coins from one piggy bank to another, here are the best ways to do so without getting ripped off.

Don’t Get Scammed

To be clear upfront, you should not just stick a wad of cash in the mail and hope for the best. There’s too high of a chance it will get lost, stolen, or otherwise wind up in the hands of someone you don’t intend.

And to that last point, if you are sending somebody any kind of payment, ask yourself these basic questions: Do you personally know the individual you’re sending money too? Have you vetted the agency purporting to get your dough to the right place? Is there any fine print? Does the method for sending money seem too good to be true? If any of those questions give you pause, it’s probably a scam.

Scams are evolving quickly, Matthews says, and they are getting more difficult to detect all the time. “The number one rule is, don’t ever send any money to anyone that you do not know. And don’t be afraid to call and check. That’s always an option. Be careful of the details, verify the information, and just make sure this makes sense. Because usually once that money walks out the door, it’s absolutely not coming back.”

There are lots of ways to keep yourself and your loved ones from getting ripped off and protect yourself from AI scam calls. (Grandma, I promise you, Charter.bot texting to ask you to send it gift cards is not a legitimate way to pay your cable bill.)

Paper Trail

There are ways to send cash safely. If you’re just sending a small amount, like slapping a fiver in a birthday card, using the regular mail system is probably fine. You run the risk of it getting lost, like with anything you mail. But if you care about the money getting where it needs to go, you should insure it or send a money order.

In the US, you’re allowed to ship cash up to $500 without having to register it with the US Postal Service. It’s not technically illegal to send more than that through the US Mail, but it’s also not a good idea. If you do need to send cash and don’t mind Uncle Sam knowing about it, you can insure your package for a value of up to $50,000. There are a couple caveats, though.

When George Avetisov was the founder and CEO of cybersecurity startup HYPR, he spent a lot of time in the trenches with the company’s sales team. He quickly realized that regardless of how good his sales team was, they were consistently pulling in other departments to answer customer questions or fill out technical questionnaires.

“They don’t know the answers to most questions that get asked of them,” Avetisov told TechCrunch. “They have to ask a product person, they have to pull in a sales engineer. It’s a daunting task, and these people are brilliant, like I’ve worked with some amazing sales reps, but the problem with sales is there’s no easy way for them to automate knowledge.”

Avetisov (pictured above in the center) decided that would be his next problem to solve. He left HYPR in 2021 and took a brief interlude from startups to play and beat video game Elden Ring; Avetisov said he wanted a little downtime before being all consumed by another startup. He launched his new company, 1up, in 2022.

1up is an AI-powered knowledge automation platform for sales teams that pulls information from internal company data sources and databases. Sales professionals can turn to 1up to find answers to their product or technical questions, execute requests for proposal and also use it help fill out technical questionnaires.

The company launched publicly in January 2024 and has since amassed nearly 100 customers that range from startups to large enterprise customers including WalkMe and Deliveroo. The company has been able to land a not insignificant portion of these customers through an unorthodox marketing strategy: memes.

“We run one of the biggest sales meme libraries in the community, and we get millions of impressions on LinkedIn,” Avetisov said. “People follow us just from our memes. I know it’s a little weird, but like, one out of three of our leads comes from a meme.”

Now the company is announcing a $5 million funding round led by Upfront Ventures with participation from RRE Ventures, 8-Bit Capital, and individuals like Friendster founder Jonathan Adams, among others. Upfront general partner Kobie Fuller is the lead investor and will take a seat on the company’s board.

Fuller told TechCrunch that he got a cold email from Avetisov just days after one of his portfolio companies mentioned 1up might be a good fit for Fuller’s investment thesis regarding how AI will change enterprise’s approach to knowledge. When talking about this thesis to Avetisov, Fuller said they were speaking the exact same language.

“So much of how we make investment decisions is around the founder and George, a second-time founder, saw the problem and pain point first hand,” Fuller said. “When we talk with George, he can dive in at whatever level or depth in a manor you don’t see all the time with CEOs. You can tell he’s mission driven, he has 1up tattooed on his inner wrist. He’s really, really in it; he’s incredibly scrappy.”

Since the release of ChatGPT in 2022, AI startups building for sales departments have exploded, especially when it comes to building AI tools that help customers generate sales leads and with client outreach. Companies looking to provide knowledge centers for enterprises, many of which popped up prior to 2022, started gaining momentum, too.

Avetisov isn’t deterred, though. He said that 1up provides such a different service than the AI sales lead generators that he doesn’t think 1up is competing for the same line in a company’s budget. He said that he doesn’t think companies need all-encompassing knowledge centers, but 1up’s approach is different because it solves a specific problem.

“When you talk to the enterprise, knowledge management is not a budget item. It’s not a hair on fire problem,” Avetisov said. “Our philosophy on this is that for knowledge automation to succeed and become a billion-dollar company or industry, it needs to be laser-focused on a persona and on a department.”

The next steps for 1up, now that its raised this recent funding, is to scale out the sales team. There will also be some feature upgrades, though Avetisov wasn’t ready to share the details on those quite yet.

“Sales teams get a lot of shit,” Avetisov said. “They have one of the hardest jobs in the company, and their tool set is horrible. They’ve got so many tools for prospecting and CRMs and all that stuff. But when it comes to knowledge management, they have been completely neglected. So that’s our hot take. That’s our laser focus.”

• President Donald Trump has signed a “full and unconditional” pardon for Ross Ulbricht
• The Silk Road operator had received two life sentences and a further 40 years
• Trump said the same “lunatics” were behind the fight against him

President Trump has signed a “full and unconditional” pardon for Silk Road foudner and operator Ross Ulbricht.

Silk Road was a notorious dark web marketplace selling illegal drugs, hacking tools and stolen passports during its operation between 2011 and 2013.

The U.K.’s Competition and Markets Authority (CMA) has a new interim chairman: former Amazon executive Doug Gurr (pictured above).

The announcement comes as the U.K. seeks to position itself as a pro-growth, pro-tech nation by cutting red-tape and bureaucracy, with artificial intelligence (AI) taking center stage. The country is also nearing the end of a long investigation into the domestic cloud services market that had Amazon firmly in the CMA’s crosshairs.

In its announcement on Tuesday, the government leaned into Gurr’s past at Amazon as a means to “boost growth and support the economy,” noting that he will “bring a wealth of experience” from his work in the sector.

“This Government has a clear Plan for Change — to boost growth for businesses and communities across the U.K.,” Jonathan Reynolds, the U.K.’s secretary of state for business and trade, said in a statement. “As we’ve set out, we want to see regulators including the CMA supercharging the economy with pro-business decisions that will drive prosperity and growth, putting more money in people’s pockets.”

The big tech factor

Gurr joined Amazon’s U.K division in 2011, initially as VP of its “hardlines” division, which focused on products such as gardening and toys. He transitioned into the role of country manager for Amazon’s China business in 2014, before moving back to head up U.K. operations in 2016. Gurr left Amazon in 2020 to become the director of the Natural History Museum.

Outgoing chair Marcus Bokkerink, who has more of a consulting than commercial background, held his post for less than three years, a relatively short tenure as the position typically lasts up to five years. However, reports indicate that chancellor Rachel Reeves was underwhelmed following a meeting with various U.K. regulators last week, prompting a changing of the guard.

It’s worth noting that although Gurr’s appointment is on an interim basis, the CMA’s CEO Sarah Cardell was also initially appointed as interim CEO back in 2022 before she moved into the role permanently.

That’s not to say this is what will happen with Gurr, but it gives a clear indication about the type of person the government wants to see chairing the country’s antitrust regulator — a body currently investigating big tech firms for all manner of alleged contraventions.

Alex Haffner, competition partner at law firm Fladgate, says it’s no coincidence that Gurr’s appointment has come at a time when the U.K. is “banging the drum for its growth agenda.” He also highlighted that Gurr’s background is “unashamedly commercial” compared to his predecessor.

Over and above that, however, this appointment raises questions about how the CMA might approach its enforcement of rules around big tech across verticals.

“What stakeholders will now be assessing is how the new appointment translates into the CMA’s approach to enforcement,” Haffner said in a statement to TechCrunch. “Recent signs are that it has taken heed of criticism of previous decisions and is perhaps more willing to be flexible — the recent Vodafone / Three clearance decision being a case in point. However, the new Chair also takes on the role at a time when the CMA has taken on significant new powers under the Digital Markets Competition and Consumer Act, particularly in relation to its oversight of big tech, meaning the CMA will likely become more activist, albeit giving considerable attention as to how to enforce in a way which best stimulates competition and therefore economic growth.”

The Open Cloud Coalition, a Google-backed lobby group launched back in October to curry favor with European lawmakers, “congratulated” Gurr on his appointment as interim chair. However, Nicky Stewart, senior advisor to the Open Cloud Coalition, urged the regulator not to lose sight of its ongoing investigation into the cloud services market, which counts Amazon as the runaway market leader.

“As the CMA’s cloud market investigation enters a critical phase, we urge the regulator to stay the course and take decisive action to create a fairer, more competitive cloud market that benefits businesses, consumers, and the wider digital economy,” Stewart said in a statement issued to TechCrunch. “The cloud industry can only flourish when there is a level playing field, and as outlined in our position paper, meaningful intervention is essential to unlocking innovation and investment across the sector.”