Image Source: iNews
Marks & Spencer's massive cyber attack, estimated to cost the store chain a combined total of some £300 million in missed sales, with problems expected to continue until at least July, was traced to a breach by way of a third-party contractor. Investigations are now focused on Tata Consultancy Services (TCS), M&S's longtime IT partner, which is conducting an internal investigation to determine whether hackers exploited its systems as an entry point.
Attackers are believed to have used sophisticated social engineering techniques to deceive staff at the outside contractor, bypassing M&S's own security measures. While neither TCS nor M&S has publicly identified the contractor, insiders point to the relationship with TCS as a possible weak point.
The breach, first identified in April, resulted in stolen customer data (not payment data or passwords), brought online shopping to a halt, and caused major disruption. M&S boss Stuart Machin confirms that the company had not put cybersecurity expenditure on the back burner, attributing the breach to "human error" at the third-party level.
The attack has raised broader industry alarm, as other UK retailers have also been hit recently, and it has led to a class-action lawsuit over the data leak. TCS hopes to finalize its investigation by the end of the month, while M&S scrambles to restore full services.
Source: Reuters, ITV News, Computing UK