M&S ends IT service desk contract with Indian provider after cyber attack
Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Marks and Spencer has ended a contract with Tata Consultancy Services to run its IT service desk just months after the Indian provider was forced to conduct an internal investigation over being the origin of a high-profile cyber attack on the UK retailer.
The Mumbai-based group, which has provided services to M&S for more than a decade and is the largest arm of the conglomerate Tata Sons, saw its contract with the UK group end in July, according to the retailer.
M&S in April was hit by a cyber attack forcing it to suspend online orders and leave some shelves bare. TCS exonerated itself from being the source of the breach after an internal investigation in June.
In July, Archie Norman, the M&S chair, told MPs that hackers had used “sophisticated impersonation” to gain entry “involving a third party.” The attack is expected to lower operating profits by up to £300mn this year.
The renewal process of TCS’s contract with M&S began in January, according to a person familiar with the matter, who confirmed that the retailer had decided to opt for another service provider after the process had completed. The termination of the contract was first reported by the Telegraph newspaper.
M&S declined to comment on when the decision was made, or if there was a link to the cyber attack.
The retailer continues to use the Indian group for other services. “TCS provides a number of technology and IT services for M&S and we value our partnership with the TCS team,” M&S said.
“Regarding the IT service desk contract specifically, as is usual process, we went to market to test for the most suitable product available, ran a thorough process and instructed a new provider this summer. This process started in January and this change has no bearing on our wider TCS relationship,” it added.
TCS did not respond to requests for comment.
In response to a request last month from Liam Byrne, chair of the House of Commons business and trade select committee, for clarification on its relationship with M&S and other attacks including Jaguar Land Rover, TCS said there were “no indicators of compromise within the TCS network” for any of the three incidents.
In its letter, TCS said it provided services to 211 UK-based clients, including those in the finance, energy, water and nuclear sectors.
Additional reporting by Andres Schipani in New Delhi
