Tata Consultancy Services (TCS), an Indian IT company that has provided services to Marks & Spencer (M&S) for over a decade, is conducting an internal investigation to determine whether it served as the entry point for a recent cyber-attack that significantly disrupted M&S’s operations. The investigation comes after M&S reported that hackers accessed their systems through a “third party,” rather than breaching their security directly.
Background
The cyber-attack, which surfaced earlier this week, has led to substantial disruptions on the M&S website, preventing customers from making purchases since late April. Although M&S anticipates gradually restoring online services over the coming weeks, the company has warned that some disruptions may persist into July. The financial impact of the attack is expected to be severe, with M&S estimating a hit to profits of approximately £300 million.
Reports indicate that TCS’s investigation aims to conclude by the end of the month, although it remains unclear when the probe officially began. M&S and TCS have both refrained from commenting on the situation.
Impact
The cyber-attack is believed to be linked to a group known as Scattered Spider, a notorious collective of English-speaking hackers also implicated in previous breaches affecting other British retailers, including the Co-op and Harrods. Among these incidents, M&S appears to have suffered the most significant consequences, underscoring major retailers’ potential vulnerabilities in today’s digital landscape.
TCS employs over 607,000 individuals worldwide and has been an integral partner to M&S, collaborating on various initiatives, including the Sparks customer reward program. The two companies were recently recognised with the Retail Partnership of the Year award at the 2023 Retail Systems Awards, further highlighting their close working relationship.
Official Response
Stuart Machin, CEO of M&S, described the cyber-attack as “highly sophisticated and targeted,” noting that the company had been managing its consequences amid the ongoing threat. During a media call, Machin declined to address whether any ransom had been paid to the attacker, raising further questions about the nature of the compromise.
Customer Concerns
The prolonged disruption has frustrated M&S customers, who have been unable to access online shopping. The retailer has reassured its clientele that it is working diligently to resolve the issues and return to operational normalcy.
Future Developments
As TCS’s investigation continues, there is no indication that it will also encompass the recent hack of the Co-op. TCS’s extensive client portfolio includes names such as easyJet, Nationwide, and Jaguar Land Rover, reflecting its prominent role in the IT service industry.
The broader implications of this incident highlight the increasing risks corporations face amid evolving cyber threats. Experts warn that as more companies outsource IT services, the potential for third-party vulnerabilities may rise, emphasising the need for robust security measures in all facets of digital operations.
Stakeholders eagerly anticipate the outcome of TCS’s investigation, seeking clarity on how such an attack could occur and measures to prevent future incidents. As the digital landscape continues to evolve, the emphasis on cybersecurity remains crucial for maintaining customer trust and operational integrity.
For more business News, check PGN Business Insider.
