M&S had their ransomware incident communicated via internal email - from the account of a staff member who works for TCS.
The way TCS work is you give them accounts on your AD.
Marks and Spencer have started partial online shopping again.
For statto nerds, around 7 weeks from containment to partial recovery
M&S still have no recruitment system, two months in.
TCS have told shareholders their systems were not compromised in the hack of M&S.
As an explainer here (not in the article): TCS IT systems weren't compromised. Their helpdesk service (they're AD admins at M&S) was used to gain access to M&S. They manage M&S IT systems.
https://www.reuters.com/business/media-telecom/indias-tcs-says-none-its-systems-were-compromised-ms-hack-2025-06-19/
Edited 6d ago
Latest Marks and Spencer update is pretty crazy.
M&S haven't been able to supply sales data - so the British Retail Consortium (BRC) - used by the UK government as as economic indicator - basically made up figures for M&S and didn't tell people they had done this.
https://www.telegraph.co.uk/business/2025/06/24/retail-lobby-group-accused-of-ms-cyber-cover-up/
Ultra spicy post claiming to be from UK retailer employee (M&S or Co-op) about their experience with TCS on their security incident. https://www.reddit.com/r/cybersecurity/comments/1ll1l6c/scattered_spider_tcs_blame_avoidance/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
