Retailer Suspends Online Sales and Disrupts Store Operations Following Breach

  • Marks and Spencer ends contract with IT firm Tata Consultancy Services (TCS) after £300m cyber attack
  • Cyber attack forced suspension of online sales and disrupted store operations
  • Attack attributed to group called Scattered Spider using social engineering technique
  • TCS found ‘no fault’ in internal review, M&S renewed deal with firm two years ago worth £750m
  • Cyber security experts warn outsourcing IT functions may increase risk exposure

Marks and Spencer (M&S) has terminated its contract with India-based IT consultancy Tata Consultancy Services (TCS) following a £300 million cyber attack that occurred earlier this year. The incident forced the retailer to halt online sales and disrupted store operations, as reported by The Telegraph. The attack, attributed to a group called Scattered Spider, gained access to M&S’s systems through social engineering, where hackers impersonate executives to obtain password resets from IT support staff. TCS, which provides IT and contact services for several major UK firms, conducted an internal review but found ‘no fault.’ Liam Byrne, chairman of the business select committee, inquired about TCS’s work with M&S. In a letter to MPs, TCS stated that the breach happened ‘in the client’s own environment’ and there were ‘no indicators of compromise within the TCS network.’ Cyber security experts have cautioned that outsourcing key IT functions may increase risk exposure. Researcher Kevin Beaumont told The Telegraph that typical helpdesks are vulnerable due to serving multiple clients and relying on standardized scripts, making human errors more likely. M&S had worked with TCS for over a decade and renewed a wider deal two years ago worth about £750 million to modernize its technology systems. Despite ending the helpdesk contract, TCS continues to manage the retailer’s data center and cloud services.

Factuality Level: 8
Factuality Justification: The article provides accurate and objective information about the cyber attack on Marks and Spencer and its contract with Tata Consultancy Services. It includes relevant details about the incident, the company’s response, and expert opinions on outsourcing IT functions. However, it lacks some contextual background information that might be helpful for readers unfamiliar with the companies or the industry.
Noise Level: 3
Noise Justification: The article provides relevant information about the impact of a cyber attack on Marks and Spencer and their IT consultancy contract termination with Tata Consultancy Services. However, it lacks in-depth analysis or actionable insights, and does not explore long-term trends or possibilities.
Financial Relevance: Yes
Financial Markets Impacted: Marks and Spencer (M&S) and Tata Consultancy Services (TCS)
Financial Rating Justification: The article discusses the financial impact of a cyber attack on Marks and Spencer, which led to the termination of its contract with Tata Consultancy Services. This affects both companies’ operations and potentially impacts their stock prices and reputation in the market.
Presence Of Extreme Event: Yes
Nature Of Extreme Event: Technological Disruption (cyber-attacks)
Impact Rating Of The Extreme Event: Major
Extreme Rating Justification: The cyber attack had a significant impact on M&S’s operations, causing suspension of online sales and disruptions in store operations, leading to a £300m loss. It also highlights the potential risks associated with outsourcing key IT functions.

Reported publicly: www.retailsector.co.uk