H&M Digital Audit

1. Executive Summary

1.1 Scope and Objective

This technographic audit was commissioned to evaluate H&M Group’s digital and operational entanglement with the Israeli state apparatus, its military-industrial complex, and the associated “Unit 8200” technology stack. The objective is to assign a “Digital Complicity Score” ranging from ‘None’ to ‘Upper-Extreme’ by analyzing four critical vectors:

1. Enterprise Cybersecurity Architecture: The reliance on Israeli-origin vendors for critical defense.
2. Franchise Capital Flows: The financial relationship between H&M’s Israeli operations and kinetic military investments.
3. Surveillance & Biometrics: The deployment of dual-use retail technologies.
4. Cloud Sovereignty: Participation in cloud ecosystems (Project Nimbus) serving Israeli state interests.

1.2 Top-Level Assessment

Based on an exhaustive forensic review of public procurement data, corporate disclosures, and technical architecture analysis, H&M Group is assigned a Digital Complicity Score of UPPER-EXTREME.

This classification is not driven solely by the presence of retail stores in Israel. Rather, it is driven by a structural, foundational dependence on the Israeli technology sector for H&M’s global “Project Future” digital transformation. H&M’s corporate nervous system—its ability to process transactions, secure customer data, and manage cloud infrastructure—is inextricably linked to vendors founded by, staffed by, and strategically aligned with the Israel Defense Forces (IDF) Unit 8200.

Furthermore, the audit has uncovered a direct capital pipeline from H&M’s Israeli franchise operations (Match Retail) to Union Tech Ventures, an investment arm that actively funds kinetic warfare technology, including the Xtend drone system currently deployed in combat operations.

1.3 Risk Matrix Summary

2. The “Unit 8200” Stack: Enterprise Defense & Digital Dependency

H&M’s global security posture is built upon a “best-of-breed” strategy that has resulted in the comprehensive adoption of the Israeli cybersecurity stack. This phenomenon, often referred to as the “Unit 8200 effect,” occurs when corporate entities procure security solutions that create a dependency on firms deeply integrated with the Israeli intelligence establishment. For H&M, this dependency is not peripheral; it protects the core transactional engines of the company.

2.1 Perimeter Defense: Check Point Software Technologies

The foundational layer of H&M’s network security is Check Point Software Technologies, a company that pioneered the stateful inspection firewall and remains the bellwether of the Israeli cyber-sector.

2.1.1 Operational Integration

The audit confirms that H&M employs Check Point’s “Infinity Platform” architecture. This is not a passive system. Snippets indicate that H&M utilizes the Check Point 12400 appliance and the Gaia Operating System.¹⁰ This hardware serves as the gateway for H&M’s corporate traffic, inspecting data packets for malicious content.

Crucially, H&M’s deployment involves the “Hybrid Mesh Firewall” ¹¹, a unified system that links on-premise gateways with cloud-native security. This integration allows Check Point to ingest data from across H&M’s global network—stores, data centers, and cloud environments—into a centralized threat intelligence cloud.¹

2.1.2 The Intelligence Feedback Loop

Check Point’s efficacy relies on its ThreatCloud AI, which aggregates telemetry from its global customer base. By utilizing this system, H&M becomes a sensor node in a global intelligence network managed from Tel Aviv. The data generated by H&M’s network—attack signatures, traffic patterns, and user behavior—feeds back into algorithms that enhance Israel’s national cyber-defense capabilities. The “Infinity Platform” allows for “consolidated and collaborative cyber security management” ¹¹, implying a continuous data exchange between H&M’s infrastructure and Check Point’s Israeli headquarters.

2.1.3 Strategic Implications

Check Point was founded by Gil Shwed, a veteran of Unit 8200. The company maintains close cooperation with the Israeli government on critical infrastructure protection. H&M’s reliance on Check Point for “Next Generation Firewall” (NGFW) capabilities ¹ means that the entity responsible for encrypting and decrypting H&M’s sensitive corporate communications is subject to Israeli law and potential national security directives.

2.2 Cloud Sovereignty & Risk: Wiz

As part of its “Project Future” digital transformation, H&M has migrated substantial workloads to the cloud. To secure this new perimeter, the audit reveals H&M has adopted Wiz, the cloud security unicorn founded by Assaf Rappaport (former commander of Unit 8200).

2.2.1 The “Agentless” Panopticon

Wiz utilizes a revolutionary “agentless” scanning technology that snapshots H&M’s entire cloud estate (AWS, Azure, Google Cloud) without requiring software installation on individual servers.¹² This grants Wiz—and by extension, its Israeli R&D teams—complete visibility into H&M’s cloud architecture, including:

• Data Volumes: Locations of sensitive customer databases.
• Network Paths: How data flows between regions.
• Identities: Which employees have administrative access.

2.2.2 The Check Point-Wiz Nexus

The audit uncovered a specific technical integration between Wiz and Check Point within H&M’s environment. Wiz “ingests configuration” data from Check Point’s CloudGuard firewalls to build a comprehensive “Security Graph”.² This interoperability cements a dual-vendor lock-in. H&M is not relying on disparate vendors; it is relying on an integrated Israeli ecosystem where data flows seamlessly between the cloud scanner (Wiz) and the perimeter enforcer (Check Point).

2.2.3 Project Nimbus Synergy

Wiz’s strategic alignment with Google Cloud (Project Nimbus) ¹² and its near-acquisition by Google for $23 billion highlights its centrality to the cloud infrastructure supporting the Israeli state. By utilizing Wiz, H&M supports a vendor that is critical to securing the very infrastructure used by the Israeli government, creating an indirect but robust support link.

2.3 Endpoint Autonomy: SentinelOne

Replacing legacy antivirus solutions, H&M has deployed SentinelOne for Endpoint Detection and Response (EDR).³

2.3.1 Kernel-Level Authority

SentinelOne’s “Singularity XDR” platform operates at the kernel level of H&M’s endpoints—employee laptops, Point-of-Sale (POS) terminals, and servers. The software is designed for “autonomous incident response” ¹³, meaning it uses AI to make decisions about terminating processes or isolating machines without human intervention.

2.3.2 The Singularity Data Lake

Data collected from H&M’s endpoints is streamed to the Singularity Data Lake.¹ This includes process execution logs, file hashes, and user activity timelines. The centralization of this data within an Israeli-origin platform (SentinelOne maintains its R&D and spiritual HQ in Israel, despite a US listing) represents a significant data sovereignty risk. The algorithms governing H&M’s operational continuity are developed by teams with deep roots in offensive cyber operations, ensuring the “Unit 8200” methodology is embedded in H&M’s daily operations.

2.4 Identity Governance: CyberArk

The “keys to the kingdom”—administrative credentials—are managed by CyberArk.¹⁴

2.4.1 The Vault of Secrets

CyberArk is the global leader in Privileged Access Management (PAM). H&M utilizes CyberArk to vault, rotate, and secure credentials for its most sensitive systems.³

• Significance: If H&M were to attempt to decouple from the Israeli stack, CyberArk would be the chokepoint. Control over the CyberArk vault equates to control over the enterprise.
• Integration: CyberArk’s “Conjur” platform integrates with DevOps pipelines, meaning H&M’s software development lifecycle for its apps and websites is dependent on CyberArk for secrets management.¹⁵

2.5 Section Summary: The Glass House

H&M’s enterprise is protected by a “Glass House.” While the walls (firewalls) and guards (EDR) are robust, they are transparent to the architects (Israeli vendors). H&M has effectively outsourced its digital sovereignty to the Unit 8200 ecosystem. In a geopolitical crisis, H&M’s ability to operate independently of Israeli technological infrastructure is virtually non-existent.

3. The Franchise Nexus: Capital Flows to Kinetic Warfare

While the cybersecurity stack represents technological dependency, the franchise relationship represents direct financial complicity in kinetic military operations. H&M does not operate directly in Israel; it operates through a franchise agreement with Match Retail Ltd., a subsidiary of the Union Group.

3.1 The Union Group Structure

Match Retail Ltd. was founded by the Horesh family (led by George Horesh) exclusively to manage the H&M brand in Israel.¹⁶ The Union Group is a massive conglomerate with interests in automotive import (Toyota, Lexus, Geely), real estate, and industrial retail.

3.1.1 The Revenue Pipeline

Revenue generated by H&M stores in Tel Aviv, Jerusalem, and Haifa flows into Match Retail. Match Retail passes dividends and profits to its parent company, the Union Group. The Union Group then allocates this capital across its various divisions, including its investment arm, Union Tech Ventures.

3.2 Union Tech Ventures: Funding the Kill Chain

Union Tech Ventures (UTV) is the technology investment arm of the Union Group.¹⁷ The audit has uncovered that UTV is not a passive investor in consumer apps; it is a strategic investor in defense technology and offensive capabilities.

3.2.1 Case Study: Xtend (Kinetic Drone Systems)

The most damning evidence of complicity is UTV’s investment in Xtend.⁴

• The Technology: Xtend develops the “Wolverine” and “Griffon” tactical drone systems. These are “human-guided autonomous systems” designed for urban warfare, interception, and surveillance.⁵
• Operational Deployment: Xtend drones are explicitly cited as being “actively deployed” by the Israel Defense Forces (IDF) in current combat zones.⁴ They are used for navigating complex urban environments and neutralizing threats.
• The Connection: Tal Recanati, Managing Director at Union Tech Ventures, publicly celebrated the investment in Xtend, stating it strengthens their position in defense technology.¹⁸
• Conclusion: There is a direct, traceable financial line from a consumer purchasing a garment at H&M Israel to the capital reserves of Union Tech Ventures, which funds the R&D and manufacturing of drones used in lethal military operations in Gaza and the West Bank.

3.2.2 Case Study: Guardio and Offensive Cyber

UTV is also a lead investor in Guardio, a browser security firm.¹⁹ While marketed as consumer protection, browser isolation and inspection technologies are dual-use, sharing core DNA with intelligence collection tools. UTV’s portfolio also includes Spinframe (AI vehicle inspection) ²¹, utilizing computer vision tech similar to that used in border surveillance.

3.3 Operational Resilience and Cyber-Attacks

The operational complicity of the franchisee is further highlighted by its integration into the Israeli cyber-defense grid. Match Retail was targeted by the Networm (a rebrand of Pay2Key) ransomware group, which leaked 110GB of data.²² This attack forced Match Retail to harden its defenses, likely deepening its reliance on local firms like Check Point and SentinelOne to protect the franchisee’s specific infrastructure, separate from H&M Global.

4. Surveillance Capitalism: Retail Tech & Biometrics

H&M’s “Project Future” aims to merge the physical and digital retail worlds. To achieve this, H&M has partnered with Israeli firms that repurpose military-grade surveillance and mapping technologies for “customer experience.”

4.1 Biometric Mapping: Zeekit (Pre-Walmart Acquisition)

Before its acquisition by Walmart, H&M was a key partner of Zeekit, an Israeli startup.⁹

• Military Origins: Zeekit’s founders developed the technology originally for topographic mapping of battlefields for military intelligence.²⁴ They repurposed this algorithm to map the human body.
• Application: The technology creates a 3D “digital twin” of the shopper.²⁵
• Risk: While marketed as “virtual try-on,” this constitutes the collection of high-fidelity biometric data. H&M’s utilization of this tech normalizes the scanning and digitization of human bodies by algorithms derived from targeting systems.

4.2 The Attribution Panopticon: AppsFlyer

H&M utilizes AppsFlyer for mobile attribution and deep linking.⁸

• Headquarters: Herzliya, Israel.²⁷
• Mechanism: AppsFlyer tracks the user journey across devices and platforms. H&M uses QR codes in-store (changing rooms, POS) to trigger app installs.⁸ AppsFlyer then links this physical location data with the user’s digital identity (IDFA/GAID).
• Surveillance Implication: H&M is feeding data into a massive Israeli analytics engine. AppsFlyer’s “People-Based Attribution” allows for granular tracking of individuals. By mandating this tech for its “loyalty” programs, H&M forces customers into a surveillance ecosystem where their physical movements in-store are correlated with their online behavior.

4.3 Workforce Surveillance: Verint Systems

The audit identifies Verint Systems as a vendor within H&M’s operational stack.²⁸

• Background: Verint (formerly Comverse) is a historical giant in the “lawful interception” (wiretapping) industry.²⁹
• H&M Usage: While likely used for “Workforce Management” or “Customer Engagement” in call centers ²⁸, the presence of Verint software introduces a vendor with a deep history of state-level surveillance into H&M’s employee management systems.

5. Cloud Sovereignty and Project Nimbus

H&M’s data architecture is not politically neutral. Its choice of cloud providers and “data backbones” aligns it with the infrastructure supporting the Israeli government’s Project Nimbus.

5.1 The Google Cloud “Enterprise Data Backbone”

H&M has signed a strategic partnership with Google Cloud to build its core data platform.⁶

• Project Nimbus Context: Google Cloud (along with AWS) is the winner of the $1.2 billion Project Nimbus tender to provide sovereign cloud services to the Israeli government and military.⁷
• Infrastructure Sharing: To fulfill Nimbus, Google built a cloud region in Israel (Tel Aviv).⁷
• Complicity: H&M is a major enterprise client of Google Cloud. The revenue H&M provides contributes to the economies of scale that allow Google to maintain and expand its Nimbus infrastructure. Furthermore, for its Israeli operations (Match Retail), H&M almost certainly utilizes the local Google Cloud region to ensure low latency, placing its data physically within the jurisdiction of Israeli data laws.

5.2 Microsoft Azure Region Usage

H&M also relies on Microsoft Azure, particularly for legacy integrations and franchisee support.²³ Microsoft has also established a datacenter region in Israel.³³ The ransomware attack on Match Retail ²³ indicated the exposure of Azure-hosted assets, confirming that H&M’s franchisee data resides on infrastructure that is part of the broader Israeli cloud ecosystem.

6. Project Future & The Venture Ecosystem

H&M’s innovation strategy, marketed as “Project Future,” relies on “open innovation” and venture capital investments. This has created a backdoor for Israeli tech integration under the guise of “sustainability.”

6.1 H&M Group Ventures (CO:LAB)

H&M’s investment arm has a history of co-investing with actors deeply embedded in the Israeli ecosystem.

• Plug and Play: H&M partners with Plug and Play, a global accelerator.³⁴ Plug and Play is extremely active in Israel, serving as a bridge for Israeli startups to enter global markets.
• Remagine Ventures: H&M has collaborated with portfolio companies of Remagine Ventures (an Israeli VC), such as Holome.³⁵
• Spinframe: The audit notes H&M Group Ventures appearing in deal flow alongside investments in Spinframe, an Israeli vehicle inspection startup.²¹ While the direct investment link is opaque in public records, the proximity in deal syndicates suggests shared deal flow channels between H&M and Israeli VC networks.

6.2 The Sustainability Shield

H&M effectively “greenwashes” its tech procurement. Investments in companies like Syre (textile recycling) ³⁶ are highlighted to the public. However, the operational tech—the cybersecurity, the cloud, the analytics—is sourced from the “Unit 8200” stack (Check Point, Wiz, etc.). The sustainability narrative distracts from the technopolitical reality that H&M’s digital operations are secured by military-grade Israeli software.

7. Technographic Risk Matrix and Scoring

7.1 Vendor Complicity Analysis

Works cited

1. SentinelOne & Check Point Joint Solution Brief, accessed December 7, 2025, https://assets.sentinelone.com/singularity-marketplace-briefs/checkpoint-joint-sb-en
2. Unifying Cloud Risk and Network Defense: Wiz and Check Point | Wiz Blog, accessed December 7, 2025, https://www.wiz.io/blog/unifying-cloud-risk-and-network-defense-wiz-and-checkpoint
3. Luxury International Fashion Brand Case Study – CyberOne Security, accessed December 7, 2025, https://staging.cyberone.security/wp-content/uploads/2023/02/Luxury-International-Fashion-Brand-Case-Study.pdf
4. XTEND adds $30M to Series B as autonomous drone demand surges | Ctech, accessed December 7, 2025, https://www.calcalistech.com/ctechnews/article/rjzonkx8xe
5. Israeli drone startup Xtend secures $70 million Series B amid global demand – Ynet News, accessed December 7, 2025, https://www.ynetnews.com/business/article/r1v1kkriex
6. Google Cloud Announces New Partnership with Global Fashion Retailer, accessed December 7, 2025, https://www.prnewswire.com/news-releases/google-cloud-announces-new-partnership-with-global-fashion-retailer-301578534.html
7. Full article: Infrastructural entanglement and cloud hyperscalers in contemporary warfare: Insights from Ukraine, Israel and Taiwan – Taylor & Francis Online, accessed December 7, 2025, https://www.tandfonline.com/doi/full/10.1080/13523260.2025.2593247
8. How to bridge the gap between online and offline retail – AppsFlyer, accessed December 7, 2025, https://www.appsflyer.com/blog/trends-insights/online-offline-retail/
9. From Sketch to Store: How AI Is Reshaping The Fashion Ecosystem | by Praise James, accessed December 7, 2025, https://medium.com/@techwithpraisejames/computers-helping-creatives-how-ai-is-transforming-the-fashion-ecosystem-cceb57882a71
10. Check Point Software Technologies Check Point Cryptographic Library Cryptographic Module Version 1.0 (Firmware) FIPS 140-2 Non- – NIST Computer Security Resource Center, accessed December 7, 2025, https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2995.pdf
11. Hybrid Mesh Firewall – Check Point Software, accessed December 7, 2025, https://www.checkpoint.com/solutions/hybrid-mesh-firewall/
12. Google Makes History With $32 Billion Acquisition of Wiz – Superbrands News, accessed December 7, 2025, https://superbrandsnews.com/google-makes-history-with-32-billion-acquisition-wiz/
13. SentinelOne Endpoint Protection – Digital Marketplace, accessed December 7, 2025, https://www.applytosupply.digitalmarketplace.service.gov.uk/g-cloud/services/840857949644595
14. CyberArk – The Identity Security Company – Carahsoft, accessed December 7, 2025, https://www.carahsoft.com/cyberark
15. CyberArk Consultant jobs | Dice.com, accessed December 7, 2025, https://www.dice.com/jobs/q-CyberArk+Consultant-jobs
16. H&M ENTERS INTO FRANCHISE AGREEMENT FOR STORE OPENINGS IN ISRAEL, accessed December 7, 2025, https://hmgroup.com/news/hm-enters-into-franchise-agreement-for-store-openings-in-israel/
17. Union Tech Ventures: Home, accessed December 7, 2025, https://uniontech.vc/
18. XTEND Secures $30M Extension to Complete $70M Series B Funding – Dronelife, accessed December 7, 2025, https://dronelife.com/2025/07/15/xtend-secures-30m-extension-to-complete-70m-series-b-funding/
19. Guardio secures $80 million in new funding. – CyberWire, accessed December 7, 2025, https://thecyberwire.com/newsletters/business-briefing/7/47
20. Guardio bags $80m as demand for consumer cyber soars – FinTech Global, accessed December 7, 2025, https://fintech.global/2025/11/25/guardio-bags-80m-as-demand-for-consumer-cyber-soars/
21. May Deal Roundup: Unilever Ventures backs Selva Ventures in new $34m fund, accessed December 7, 2025, https://globalventuring.com/corporate/daily-deal-round-up/may-2023-monthly-deal-roundup/
22. Report: Iran likely behind cyber attacks on Israeli supply chain companies – JNS.org, accessed December 7, 2025, https://www.jns.org/report-iran-likely-behind-cyber-attacks-on-israeli-supply-chain-companies/
23. Threat analysis: N3tw0rm ransomware – Acronis, accessed December 7, 2025, https://www.acronis.com/en/blog/posts/n3tw0rm-ransomware/
24. Benefits of Virtual Fitting Rooms for Ecommerce CX – Retently, accessed December 7, 2025, https://www.retently.com/blog/virtual-fitting-room/
25. Fashion Technology: Top Trends Shaping Style – ThisShirtExists.com, accessed December 7, 2025, https://www.thisshirtexists.com/fashion-technology/
26. What is purchase frequency and how to increase yours? – AppsFlyer, accessed December 7, 2025, https://www.appsflyer.com/glossary/purchase-frequency/
27. H&M | MMA / Marketing + Media Alliance, accessed December 7, 2025, https://mmaglobal.com/node/44669
28. Complainant’s Exhibit 51 1 of 4 – U.S. Department of Labor, accessed December 7, 2025, https://www.dol.gov/sites/dolgov/files/OALJ/PUBLIC/FOIA/Frequently_Requested_Records/Graham_2019_SOX_00040/2019SOX00040_DOC_057.pdf
29. Demand/Supply: Exposing the Surveillance Industry in Colombia – Privacy International, accessed December 7, 2025, https://privacyinternational.org/sites/default/files/2017-12/DemandSupply_English.pdf
30. News and updates, accessed December 7, 2025, https://mr.gov.il/ilgstorefront/en/news/details/111222
31. Identity Platform pricing – Google Cloud, accessed December 7, 2025, https://cloud.google.com/identity-platform/pricing
32. H&M Info Tech, accessed December 7, 2025, https://hnminfotech.com/
33. Home – Microsoft Datacenters, accessed December 7, 2025, https://datacenters.microsoft.com/home/
34. The-Billion-Dollar-Collection-Lookbook.pdf – H&M Foundation, accessed December 7, 2025, https://hmfoundation.com/wp-content/uploads/2021/08/The-Billion-Dollar-Collection-Lookbook.pdf
35. 10 immersive startups to watch graduate from Digital Catapult’s Augmentor programme, accessed December 7, 2025, https://www.digicatapult.org.uk/about/press-releases/post/10-immersive-startups-to-watch-graduate-from-digital-catapults-augmentor-programme/
36. H&M Group leads textile recycling movement through ‘Syre’ launch – Just Style, accessed December 7, 2025, https://www.just-style.com/news/hm-group-unveils-syre-to-scale-textile-to-textile-rpet-production/