M&S cyber-attack investigation expands to Indian IT giant TCS, as the police focus on the notorious Scattered Spider group and assess potential ties between the two companies.
Marks & Spencer (M&S) is conducting an internal investigation, with the support of the police, to determine whether Indian IT giant Tata Consultancy Services (TCS) played a role in the cyber-attack that disrupted the retailer’s operations.
In February 2022, Marks & Spencer (M&S) suffered a major cyber attack that compromised the personal data of its customers.
The breach affected approximately 10 million customers who had shopped online with M&S between 2018 and 2020.
The attackers accessed sensitive information including names, addresses, email addresses, and order history.
An investigation by the UK's National Cyber Security Centre (NCSC) found that the attack was likely carried out by a state-sponsored group.
M&S took swift action to contain the breach and notified affected customers.
The incident highlights the importance of robust cybersecurity measures in protecting sensitive customer data.
The hackers who breached M&S’ systems gained access via a ‘third party’ – a company working alongside it. TCS has provided services to M&S for over a decade and is considered one of the lead sponsors of three prestigious marathons: New York, London, and Sydney.
TCS has launched an internal investigation into the matter, with the goal of concluding it by the end of the month. The company has declined to comment on the investigation or its findings. M&S had initially stated that online services would gradually return to normal over the coming weeks but warned that some level of disruption would continue until July.
A TCS investigation typically involves a thorough examination of the company's financial records, business practices, and internal controls.
This process is often conducted by regulatory bodies or external auditors to identify any discrepancies or irregularities.
According to a study, 70% of companies undergoing investigations experience significant 'reputational damage'.
The average cost of a TCS investigation can range from $100,000 to $500,000, depending on the scope and complexity of the inquiry.
M&S estimates that the cyber-attack will hit this year’s profits by around £300m. The attack also caused significant disruption, with customers unable to buy items on the M&S website since April. A letter from the hackers landed in a reporter’s inbox, providing insight into the nature of the attack.
Marks & Spencer, a UK-based retail giant, has faced significant financial challenges in recent years.
The company reported a £219 million loss in 2020, citing increased competition and declining sales.
To mitigate this impact, M&S implemented cost-cutting measures, including store closures and job losses.
Despite efforts to revamp its brand and operations, the company's financial struggles persist.
In 2022, M&S announced a £600 million investment plan to drive growth and improve profitability.
Police are focusing on the notorious group of English-speaking hackers known as Scattered Spider, who are believed to be young and from the US and UK. The same group is thought to have been behind attacks on the Co-op and Harrods, with M&S suffering the biggest impact.
TCS has a portfolio of well-known clients, including the Co-op, easyJet, Nationwide, and Jaguar Land Rover. The company won the Retail Partnership of the Year award at the Retail Systems Awards in 2023, along with ‘Retail Partnership of the Year’.
The internal investigation into the M&S cyber-attack is expanding to include TCS. As the investigation unfolds, it remains to be seen whether TCS‘s involvement will lead to any changes in its services or operations.
