**Indian IT Giant Investigates Potential Cyber Attack Link to M&S**
In recent developments, Tata Consultancy Services (TCS), one of India’s most prominent IT firms, is reportedly conducting an internal investigation to elucidate its possible connection to the significant cyber attack that recently disrupted operations at Marks & Spencer (M&S). This investigation comes in the wake of disclosures that the attack, which has caused severe operational challenges for M&S, may have originated from third-party access rather than direct infiltration of the retailer’s systems.
For over a decade, TCS has collaborated with M&S, providing a range of IT services. The scale of the issue has prompted M&S to reveal that the hackers penetrated their network via a “third party,” though it has not confirmed whether TCS is the source of this breach. Both companies at this stage have opted to refrain from commenting on the ongoing investigation, leaving pertinent details about the security breach unclear.
According to a report by the Financial Times (FT)—the first media outlet to break the story—sources familiar with the investigation suggest that TCS aims to complete its assessment by the end of the month. However, it has not been disclosed when TCS initially commenced its inquiry. The fallout from the cyber attack has already been notable; since the latter part of April, M&S customers have been unable to make purchases on the company’s website. M&S has indicated that though normal operations may begin resuming on the online platform in the upcoming weeks, complete restoration of services is anticipated to extend to July.
The cyber attack is expected to have considerable financial repercussions for M&S, with estimates suggesting a potential impact of approximately £300 million on this year’s profits. Amidst this turmoil, law enforcement agencies are focusing their investigations on a renowned group of hackers known as Scattered Spider, described as technologically proficient and well-organized.
This hacking group is linked to not only M&S’s recent troubles but also previous cyber attacks on other notable retailers, including the Co-op and Harrods. Reports suggest that M&S encountered one of the most significant disruptions as a result of this group’s activities. It is further revealed that TCS, with a workforce of over 607,000 globally, sponsors prestigious marathons in New York City, London, and Sydney, highlighting its global footprint and reputation in the business sector.
In their official communications, TCS has emphasized its long-standing relationship with M&S, particularly mentioning collaborative efforts on initiatives such as Sparks, a customer loyalty program. Additionally, TCS and M&S were jointly awarded the Retail Partnership of the Year accolade at the Retail Systems Awards in 2023, underscoring their mutual achievements prior to the cyber incident.
As the investigation unfolds, there is currently no indication that TCS’s internal probe extends into the hacking incident affecting the Co-op. Known for its broad range of clients, TCS lists well-known organizations such as easyJet, Nationwide, and Jaguar Land Rover among its clientele. Despite the ongoing crisis, M&S’s CEO Stuart Machin addressed the recent vulnerabilities, stating the company has been grappling with a “highly sophisticated and targeted cyber attack” that led to temporary service disruptions. However, he avoided directly responding to inquiries regarding whether the company opted to pay any ransom to mitigate the impact of the attack.
As this situation continues to develop, stakeholders and customers keenly await insights and resolutions regarding both the implications of the cyber attack on M&S and the possibilities of accountability and recovery from TCS. The ramifications of this incident will likely shape the landscape for both companies as they navigate the complexities brought forth by digital threats in today’s interconnected world.