Tata Consultancy Services (TCS) is investigating whether it served as the point of entry for a devastating cyberattack on British retailer Marks & Spencer (M&S). The M&S breach hit during the Easter weekend, and led to customer data theft. The breach forced M&S to shut its online clothing operations for more than three weeks—resulting in massive financial and reputational fallout. Online services are expected to remain disrupted until July.
TCS investigation
TCS, M&S’s primary technology partner since the early 2010s, is aiming to conclude its internal investigation by the end of May, according to a report by Financial Times. The Indian IT giant has, however, not publicly confirmed whether its systems were compromised, but a source at M&S was quoted as telling Reuters that the attackers gained access using login credentials from at least two TCS employees.
These claims however, could not be clarified.
M&S CEO Stuart Machin, in his first public remarks on the breach, attributed it to “human error” at a third-party contractor, rather than a breakdown in M&S’s internal systems. “Staff at a third-party contractor were tricked,” Machin said, stopping short of naming TCS or commenting on ransom payments.
This isn’t an isolated case. Other major UK retailers, including Harrods and the Co-op, have also been targeted in recent cyberattacks. The Co-op, a TCS client since 2009, reportedly thwarted the attack before major damage occurred. TCS, however, is not investigating any role in the Co-op breach, citing that its services there do not involve IT infrastructure.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
