M&S dumps IT giant TCS after cyberattack
Marks and Spencer (M&S) has terminated a key IT contract with long-time partner Tata Consultancy Services (TCS), months after a devastating cyberattack hit the retailer.
The move follows a major hack on M&S in April, which forced the retailer to suspend online orders and resulted in bare shelves, with the total hit to operating profits expected to reach £300 million this year.
M&S Chairman Archie Norman told MPs in July that hackers had used “sophisticated impersonation” to gain entry “involving a third party.”
This comment immediately put the spotlight on the Indian outsourcing provider TCS which has worked with the UK group for over a decade. The decision to end the IT service desk contract came into effect in July.
Despite TCS clearing its own network in an internal investigation, M&S opted for a new provider following a contract renewal process that began in January. M&S stated the change had “no bearing on our wider TCS relationship,” maintaining that the selection of a new provider was completed as part of a “usual process”.
However, TCS firmly countered, claiming M&S chose the new provider “much prior” to the April cyber incident, and stressed that the contract termination and the hack were “clearly unrelated.”
While the service desk contract is over, M&S confirmed it still uses TCS for a number of other technology services, stating, “we value our partnership with the TCS team.”
The focus now shifts to the broader implications of the cyberattack, which exploited a third-party access point. TCS, a major global IT provider, currently serves over 200 UK-based clients, including those in the finance, energy, and nuclear sectors, raising wider industry questions about supply chain security.
