- Marks and Spencer has abandoned its IT service desk provider
- This follows an investigation into the origin of a major cyberattack.
- The tech company says the two are “clearly unrelated”
Marks and Spencer (M&S) has ended its partnership with Indian IT company Tata Consultancy Services (TCS) following the devastating cyber attack that brought down in-store and online systems.
The contract was terminated after TCS was investigated over speculation that it could be the source of the breach, although the source is yet to be confirmed.
“With respect to the IT service desk contract specifically, as is the usual process, we went to market to test the most suitable product available, ran a thorough process and instructed a new supplier this summer. This process began in January, and this change is unrelated to our broader relationship with TCS,” a spokesperson said The Registry.
Sophisticated impersonation
The M&S attack caused chaos on the high street, which has now been confirmed as a ransomware attack that also hit retail giant Co-op and had a total financial impact of between £270 million and £440 million.
The hackers are said to have used “sophisticated spoofing” to gain entry “involving a third party”, although it has not been confirmed what the exact circumstances surrounding the incident were.
TCS is still partnering with M&S for other technology and IT services, and says the termination of the service desk contract and the cyber attack were “clearly unrelated” and that the process had begun long before the April incident.
Third-party vendors and contractors are increasingly being used to gain access to larger, more lucrative targets, which should be a wake-up call for cybersecurity teams.
“Modern retail environments are complex, containing hundreds of connected devices integrated into sophisticated online retail supply chains,” said Neil Thacker, Global Head of Privacy and Data Protection at Netskope.
“System integrations are what make retailers agile and able to find huge efficiencies in their business operations, but they also potentially leave companies exposed because a successful infiltration into one part of the business can quickly spread laterally to other business-critical systems.”
The best identity theft protection for every budget
