
The high-profile cyberattack on the British retail chain Marks & Spencer has taken a new turn. Sources report that the threat group known as Scattered Spider infiltrated the company’s systems by exploiting the credentials of two employees from an external contractor—India-based Tata Consultancy Services (TCS). Notably, TCS also provided IT services to another affected retailer, Co-op.
This information, reported by Reuters citing insider sources, aligns with a recent advisory issued by the UK’s National Cyber Security Centre (NCSC), which warned of escalating cybercriminal activity targeting the retail sector. The document, published on the NCSC website, detailed a wave of attacks against major UK chains—including Harrods, Co-op, and Marks & Spencer.
Available evidence suggests that the attackers used login credentials belonging to two TCS employees during the April 22 breach of M&S. Founded in 1968, TCS remains one of the world’s largest IT consulting firms, offering services across banking, insurance, manufacturing, and retail. In the UK, its clients include prominent names such as British Airways, Tesco, Primark, Sainsbury’s, and Asda.
Strikingly, just two months prior to the attack, TCS had announced a strategic partnership with Co-op focused on overhauling the retailer’s entire IT infrastructure through cloud-based solutions. In August 2023, TCS and M&S were also commended for their joint development of a cloud-native loyalty program, built on modern tech stacks and engineering-centric practices.
Although the NCSC has not confirmed a direct connection between the attacks on M&S, Co-op, and Harrods, its report stresses the importance of monitoring access to cloud environments and of tightly controlling the permissions granted to employees and contractors, since a contractor account inherits whatever access the contractor was granted. It draws particular attention to social engineering of IT help desks, in which an attacker impersonating an employee talks the desk into resetting a password or re-enrolling MFA on an attacker-controlled device, a method Scattered Spider has used in prior campaigns.
According to iProov, a company specializing in biometric security, many contemporary multi-factor authentication systems remain vulnerable because they rely on user knowledge—such as passwords and one-time codes. Once an attacker convinces a user to divulge both, the entire mechanism collapses. “A face cannot be stolen or shared,” the company asserts, underscoring biometrics’ superiority over traditional authentication methods.
Meanwhile, Marks & Spencer has yet to fully restore its systems. The breach disrupted online orders, exposed some customer data, and prompted a large-scale forced password reset. Experts suggest that such delays may point to inadequate incident preparedness and weak internal segmentation, which lets an intrusion that begins with a single account spread across systems. In today’s complex environments, where businesses rely heavily on cloud infrastructure and third-party providers, recovery can stretch across weeks.
Analysts estimate that the attack has already cost M&S more than £60 million—approximately $80 million. The company’s market capitalization has dropped by £1 billion in the aftermath.
Scattered Spider has claimed responsibility for the attacks on both M&S and Co-op. However, its attempt to deploy ransomware within Co-op’s systems failed because the intrusion was detected in real time. The group is notorious for phishing, SMS phishing, SIM swapping, and MFA fatigue (push bombing), in which a victim is flooded with authentication prompts until one is approved out of annoyance or confusion.
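The two patterns above, a help-desk reset followed by a sign-in from a never-seen device (the NCSC’s warning) and a burst of push prompts ending in an approval (MFA fatigue), can be turned into simple detections over identity-provider logs. The following Python is an added example written for this article, not code from NCSC, M&S, Co-op, TCS or any vendor; the event field names (ts, event, user, actor, device, ip, result) and the sample log lines are constructed for illustration.

```python
"""Detections for help-desk reset abuse and MFA push fatigue (added example).

Assumed, invented event schema: each identity-provider event is a dict with
ts (ISO 8601, UTC), event, user, actor (who triggered it), device, ip and,
for MFA push prompts, result. SAMPLE_EVENTS below is constructed, not real data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EVENTS = [
    # j.doe: normal sign-in, then a help-desk MFA reset and a sign-in from a new device
    {"ts": "2025-04-22T09:00:00", "event": "login_success", "user": "j.doe", "actor": "j.doe", "device": "laptop-j-doe", "ip": "198.51.100.10"},
    {"ts": "2025-04-22T10:00:00", "event": "mfa_reset", "user": "j.doe", "actor": "helpdesk", "device": "", "ip": ""},
    {"ts": "2025-04-22T10:07:00", "event": "login_success", "user": "j.doe", "actor": "j.doe", "device": "win-unknown", "ip": "203.0.113.5"},
    # a.smith: help-desk password reset followed by a sign-in from the usual laptop (benign)
    {"ts": "2025-04-22T08:30:00", "event": "login_success", "user": "a.smith", "actor": "a.smith", "device": "laptop-a-smith", "ip": "198.51.100.11"},
    {"ts": "2025-04-22T11:00:00", "event": "password_reset", "user": "a.smith", "actor": "helpdesk", "device": "", "ip": ""},
    {"ts": "2025-04-22T11:10:00", "event": "login_success", "user": "a.smith", "actor": "a.smith", "device": "laptop-a-smith", "ip": "198.51.100.11"},
    # k.lee: six push prompts in under four minutes, the last one approved (push bombing)
    {"ts": "2025-04-22T12:00:00", "event": "mfa_push", "user": "k.lee", "actor": "k.lee", "device": "", "ip": "203.0.113.9", "result": "denied"},
    {"ts": "2025-04-22T12:00:40", "event": "mfa_push", "user": "k.lee", "actor": "k.lee", "device": "", "ip": "203.0.113.9", "result": "denied"},
    {"ts": "2025-04-22T12:01:20", "event": "mfa_push", "user": "k.lee", "actor": "k.lee", "device": "", "ip": "203.0.113.9", "result": "timeout"},
    {"ts": "2025-04-22T12:02:00", "event": "mfa_push", "user": "k.lee", "actor": "k.lee", "device": "", "ip": "203.0.113.9", "result": "denied"},
    {"ts": "2025-04-22T12:02:40", "event": "mfa_push", "user": "k.lee", "actor": "k.lee", "device": "", "ip": "203.0.113.9", "result": "denied"},
    {"ts": "2025-04-22T12:03:20", "event": "mfa_push", "user": "k.lee", "actor": "k.lee", "device": "", "ip": "203.0.113.9", "result": "approved"},
    # m.ray: three prompts, a normal day (below threshold)
    {"ts": "2025-04-22T13:00:00", "event": "mfa_push", "user": "m.ray", "actor": "m.ray", "device": "", "ip": "198.51.100.12", "result": "approved"},
    {"ts": "2025-04-22T15:30:00", "event": "mfa_push", "user": "m.ray", "actor": "m.ray", "device": "", "ip": "198.51.100.12", "result": "approved"},
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def helpdesk_reset_then_new_device(events, window=timedelta(hours=2)):
    """Flag a help-desk password/MFA reset followed, within `window`, by a successful
    sign-in from a device the user has never signed in from before."""
    seen = defaultdict(set)   # user -> devices seen in earlier successful sign-ins
    pending = {}              # user -> (reset time, reset kind) awaiting a sign-in
    alerts = []
    for e in sorted(events, key=lambda ev: parse_ts(ev["ts"])):
        t, user = parse_ts(e["ts"]), e["user"]
        if e["event"] in ("mfa_reset", "password_reset") and e["actor"] == "helpdesk":
            pending[user] = (t, e["event"])
        elif e["event"] == "login_success":
            if user in pending:
                reset_at, kind = pending[user]
                if t - reset_at <= window and e["device"] not in seen[user]:
                    alerts.append({"user": user, "reset": kind, "reset_at": reset_at.isoformat(),
                                   "login_at": t.isoformat(), "device": e["device"], "ip": e["ip"]})
                    del pending[user]   # one alert per reset
            seen[user].add(e["device"])  # baseline is built after the check, not before
    return alerts


def mfa_push_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Flag users who receive at least `threshold` push prompts inside any `window`.
    Reports the densest window and whether a prompt in it was approved."""
    pushes = defaultdict(list)
    for e in events:
        if e["event"] == "mfa_push":
            pushes[e["user"]].append((parse_ts(e["ts"]), e.get("result", "unknown")))
    alerts = []
    for user, items in pushes.items():
        items.sort()
        best, start = (0, 0, 0), 0              # (count, start index, end index)
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1                      # slide the window forward
            if end - start + 1 > best[0]:
                best = (end - start + 1, start, end)
        count, s, e_ = best
        if count >= threshold:
            span = items[s:e_ + 1]
            alerts.append({"user": user, "prompts": count,
                           "window_start": span[0][0].isoformat(), "window_end": span[-1][0].isoformat(),
                           "approved": any(r == "approved" for _, r in span)})
    return alerts


if __name__ == "__main__":
    for a in helpdesk_reset_then_new_device(SAMPLE_EVENTS):
        print("help-desk reset -> new device:", a)
    for a in mfa_push_fatigue(SAMPLE_EVENTS):
        print("push fatigue:", a)
```

Run as-is and only j.doe and k.lee are flagged: a.smith’s help-desk reset is followed by a sign-in from a known device, and m.ray’s two prompts are below threshold. The device baseline is built from the user’s own earlier sign-ins, so the first detection does not fire on a reset that a genuine user follows up from their usual machine; the window and threshold values are starting points to tune against real help-desk volume.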
Experts warn that such incidents are becoming increasingly dangerous and far-reaching amid accelerating business digitalization. In this landscape, the adoption of biometric security may prove to be a pivotal defense against the evolving tactics of modern cybercriminals.