Six weeks on, and as M&S continues to investigate the high-cost hack to its IT systems, Indian company Tata Consultancy Services (TCS) comes into the picture as a possible key entry point failure.
And at the weekend, CEO Stuart Machin admitted restoring online clothes shopping may still take another “five or six weeks”.
Tata, which operates M&S’s IT helpdesk, is reportedly investigating whether it was used by cybercriminals to gain access to its systems, the Financial Times first reported.
The retailer, which said the attack could cost it up to £300 million in profit, admitted that “threat actors” had gained access to the retailer’s systems through one of its contractors, understood to be TCS.
The retailer also confirmed the hackers used “social engineering” techniques to attack them, such as posing as a staff member to fool a helpdesk into giving away passwords.
TCS, which has worked with M&S for more than a decade, has been helping the retailer with its probe into the cyber attack, conducting an internal inquiry which is expected to conclude this month.
The report said finding the exact route the hackers took could be important for M&S and TCS as the Information Commissioner’s Office (ICO), the UK’s data watchdog, will examine who might face a fine for any loss of customer and staff data as a result of the hack.
The ICO can impose a fine of up to £17.5 million, or 4%, of worldwide annual turnover, whichever is greater, the report noted. It will take into account the nature and seriousness of a failure, how individuals have been affected, and whether other regulatory authorities are already taking action, the report added.
TCS has yet to comment on its part, if any, in the breach.
Meanwhile, Machin has admitted he “went into shock” over the attack, adding the retailer “is not a crisis” as it works to rebuild systems.
Machin told the Mail on Sunday he felt “anxious” when he was first informed late at night about the ransomware attack: “I went into shock. It’s in the pit of your stomach, the anxiety. But you have to think: ‘Stuart, you have to lead this, you have to keep a cool head’”.
He said M&S was working urgently to rebuild its computer systems but that restoring online clothes shopping could be weeks away.
He noted the incident had also led him to accelerate the company’s efforts to overhaul its digital infrastructure, which was originally scheduled to take three years but may now only take “a year-and-a-half”.
On the upside, Machin also said he had been “buoyed by support” from customers: “We have worked very hard to do the right thing and keep everyone up to date and informed.
“We are chins up, shoulders back, dust ourselves down. I want to look forward,” he added.
Copyright © 2025 FashionNetwork.com All rights reserved.
