An internal investigation is underway at Tata Consultancy Services (TCS), one of India’s largest IT firms, to determine if it was the entry point for a significant cyber-attack on British retailer Marks & Spencer (M&S). The attack has caused major disruptions to M&S’s online services, with the company estimating a £300 million hit to its profits this year.
Key Takeaways
- TCS is investigating its potential role in the M&S cyber-attack.
- M&S has faced significant online disruptions since the end of April.
- The cyber-attack is linked to a group of hackers known as Scattered Spider.
- M&S estimates a £300 million loss due to the attack.
Background of the Cyber-Attack
Earlier this week, M&S revealed that the hackers gained access to its systems through a third-party vendor, rather than directly breaching M&S’s own security. This has raised concerns about the security protocols of companies that provide services to major retailers.
TCS has been a long-time service provider for M&S, working together for over a decade. The investigation aims to clarify whether TCS’s systems were compromised, allowing the hackers to infiltrate M&S.
Impact on Marks & Spencer
Since the cyber-attack, M&S has struggled to restore its online shopping capabilities. Customers have been unable to purchase items through the M&S website since late April, with the company indicating that full service may not resume until July. M&S’s chief executive, Stuart Machin, described the attack as a "highly sophisticated and targeted cyber-attack" that has led to significant operational challenges.
The financial implications of the attack are severe, with M&S projecting a £300 million impact on its profits for the year. This figure underscores the potential long-term effects of cyber threats on retail operations.
Investigation Details
The investigation by TCS is expected to conclude by the end of the month, although the exact timeline for when it began remains unclear. Both TCS and M&S have refrained from commenting on the specifics of the investigation, including whether any ransom was paid to the hackers.
Authorities are focusing on a group of hackers known as Scattered Spider, who are believed to be responsible for this attack as well as previous incidents involving other retailers like the Co-op and Harrods. M&S appears to have suffered the most significant impact from this group’s activities.
TCS’s Role and Reputation
TCS, which employs over 607,000 people globally, has a diverse portfolio of clients, including well-known brands such as easyJet, Nationwide, and Jaguar Land Rover. The company has been recognised for its partnership with M&S, having won the Retail Partnership of the Year award at the Retail Systems Awards in 2023.
As the investigation unfolds, the focus will be on how TCS can enhance its security measures to prevent future breaches and protect its clients from similar threats. The outcome of this investigation may also influence the broader conversation about cybersecurity in the retail sector, particularly regarding the vulnerabilities associated with third-party vendors.
Conclusion
The ongoing investigation into the cyber-attack on M&S highlights the critical importance of cybersecurity in today’s digital landscape. As retailers increasingly rely on third-party services, ensuring robust security measures is essential to safeguard against potential threats. The findings from TCS’s investigation could have significant implications for the future of cybersecurity practices within the retail industry.
