The Indian firm managing the IT Helpdesk for Marks & Spencer is looking into potential cybercriminal activity that may have compromised its systems. Recently, M&S indicated that “threat actors” could access the retailer’s systems through a contractor, believed to be Tata Consulting Services (TCS).
Retailers dealing in clothing, food, and household products have confirmed that hackers are employing “social engineering” tactics to execute their attacks.
TCS has collaborated with M&S for more than a decade and has assisted the retailer with concerns regarding cyberattacks that intensified over Easter weekend. The retailer estimates the financial impact of the attack could reach £300 million.
According to reports, TCS, based in Mumbai, is undertaking an internal inquiry this month to determine if any employees or systems might be associated with the breach.
For M&S and TCS, identifying the pathways taken by the hackers could be crucial, especially as the UK’s Information Commissioner’s Office (ICO) investigates who might be held accountable for the loss of customer and employee data due to the incident.
The ICO has the authority to impose fines of as much as £17.5 million or 4% of a company’s annual worldwide sales. For instance, British Airways faced a £20 million penalty from the ICO in 2018 when hackers redirected web traffic to fraudulent sites, while Tesco Bank was lumbered with a £16.4 million fine after customer card details were stolen.
M&S has been trying to recover for a month now. The cyberattack forced the suspension of orders through its website, disrupting the delivery of food and fashion products not only to stores but also affecting its online food partner, Ocado.
The retailer has acknowledged that personal information from thousands of customers has been compromised, including names, addresses, dates of birth, and order histories.
The ongoing TCS investigation stems from continued operational interruptions for M&S due to the breach, which has impacted inventory levels in stores. Full functionality for the website isn’t expected to resume until July.
Interestingly, the attacks from the hacking group known as Scattered Spider coincided with reports of similar cyber threats aimed at other cooperatives and Harrods.
Staff at some cooperative grocery stores are facing difficulties keeping their shelves stocked this week.
Attempts to reach TCS for comments were made.
