Unlock Editor’s Digest Lock for Free
FT editor Roula Khalaf will select your favorite stories in this weekly newsletter.
Tata Consultancy Services is internally investigating whether it is a gateway for cyberattacks against Mark and Spencer, which wreaked havoc for retailers and led to customer data theft.
Indian IT Company has been serving M&S for over a decade and is the largest division of Mumbai conglomerate Tata Sons, and according to anyone with knowledge of the matter, it hopes to close the investigation by the end of the month. TCS added that since the retailer disclosed a month ago, it had been working with M&S to investigate the case.
The violation will force retailers to close their online clothing business for more than three weeks, sweeping over £750 million from their market capitalization, reaching operating profits of up to £300 million. The confusion is expected to continue until July, and British police investigations have also begun.
This week, M&S CEO Stuart Machin denounced the “Human Error” hack in his first detailed public comment about the incident, not in the weaknesses of the FTSE 100 companies’ systems and cyber defense.
Machin added that the staff of third-party contractors have been tricked. He refused to say whether the retailer paid the ransom or whether it employed over 600,000 people and paid TCS, which was selected as M&S’s “primary technology partner” in 2018.
Both TCS and M&S declined to comment.
If the attacks arise from an Indian company, “it will definitely affect their brand image,” said Vaibhav Chechani, Mumbai-based analyst for broker Nirmal Bang. “That’s pretty embarrassing.”
M&S is just one of several retailers under the UK’s name, including cooperatives and luxury department store chain Harrods, to face attacks from cybercriminals in recent weeks. Since 2009, TCS has been supporting “business critical and workplace transformation” as a “strategic partner.”
However, India’s largest IT outsourcing company has not investigated whether its services are linked to recent cyberattacks on cooperatives, as they are not related to high-tech infrastructure.
The violation is the latest in India’s revenue-growing technology industry of over $2800 billion a year, and has struggled in recent years to flexible spending on services in the US, the largest market.
This year, Infosys, the country’s second-largest outsourner, agreed to pay $17.5 million to resolve many US lawsuits related to the 2023 cyberattacks against its American subsidiary.
“Cybercrime is on the rise, and this is a huge increase,” Chechani said. “Thieves are more organized.”
