- Marks and Spencer drops its IT service provider
- This follows an investigation into the source of a huge cyberattack
- Tech company says the two are ‘clearly unrelated’
Marks and Spencer (M&S) has ended its partnership with Indian IT company Tata Consultancy Services (TCS) following the devastating cyber attack which disrupted in-store and online systems.
The contract was terminated after TCS came under investigation over speculation it may be behind the breach, although the source has not yet been confirmed.
“Regarding the IT Service Desk contract specifically, as is typical, we went to market to test the most suitable product available, conducted a thorough process and mandated a new vendor this summer. This process began in January and this change has no bearing on our wider relationship with TCS,” a spokesperson said. The register.
Sophisticated identity theft
The M&S attack brought chaos to the high streets in what has now been confirmed as a ransomware attack which also hit retail giant Co-op – and had a total financial impact of between £270 million and £440 million.
The hackers allegedly used “sophisticated impersonation” to gain entry “involving a third party” – although the exact circumstances of the incident have not been confirmed.
TCS still partners with M&S on a number of other IT technologies and services, and says the termination of the service desk contract and the cyber attack were “clearly unrelated” and that the process had started well before the April incident.
Third-party vendors and contractors are increasingly being used to gain access to larger, more lucrative targets – which should ring alarm bells for cybersecurity teams.
“Modern retail environments are complex, containing hundreds of connected devices integrated into sophisticated online retail supply chains,” said Neil Thacker, global head of privacy and data protection at Netskope.
“System integrations are what make retailers agile and able to achieve huge efficiencies in their business operations, but they also potentially expose businesses, as a successful infiltration in one part of the business can quickly spread laterally to other business-critical systems.”
The best identity theft protection for every budget
