A recent cyber-attack on Marks & Spencer (M&S) has caused serious disruptions to its online operations. Now, attention is turning to Tata Consultancy Services (TCS), a well-known Indian IT company that has worked with M&S for over ten years. TCS is currently investigating whether its systems may have been used as the entry point for the attack.
M&S confirmed that hackers gained access through a “third party” rather than breaching M&S systems directly. Both M&S and TCS have declined to give official statements, but sources say that the internal investigation may finish by the end of this month. It remains unclear when TCS began the probe.
Since late April, customers have not been able to buy products from the M&S website. The company has announced that online services will return gradually over the coming weeks, though full recovery may not happen until July. M&S estimates this incident could reduce profits by up to £300 million this year.
Police are focusing on a hacker group known as Scattered Spider. This group is already linked to attacks on the Co-op and Harrods. However, the damage to M&S is said to be the most severe so far.
TCS is a global IT services provider with over 607,000 employees worldwide. It sponsors major marathons in New York, London and Sydney. It also worked with M&S to develop the Sparks loyalty program. In 2023, the two companies even won an award for their partnership. TCS also lists high-profile clients such as Co-op, easyJet, Nationwide, and Jaguar Land Rover. However, it’s not yet clear whether the investigation includes other companies affected by similar attacks.
M&S CEO Stuart Machin recently described the attack is highly targeted and sophisticated. During a media call, he did not answer whether the company had paid a ransom.
This incident highlights growing cybersecurity risks in today’s digital world, especially for retail brands. It also shows the potential dangers of relying on third-party vendors for key IT services.
By
