Latest news with #Marks&Spencer
Mint
a day ago
- Business
- Mint
‘No systems or users were compromised': TCS clarifies as Marks & Spencer investigates cyber breach
India's largest IT company, Tata Consultancy Services' (TCS) independent director Keki Mistry, told the firm's shareholders that no TCS systems or users were compromised due to the cyberattack on one of its clients. 'As no TCS systems or users were compromised, none of our other customers are impacted,' said Keki Mistry, independent director of TCS, at the annual shareholder meeting, as reported by the news agency Reuters on Thursday, 19 June 2025. Marks && Spencer (M&S), one of TCS's decade-long clients, was a victim of a cyberattack, which raised concerns among shareholders about how much TCS was affected by it. 'The purview of the investigation (of Marks & Spencer) does not include TCS,' said Mistry, quoted in the news agency's report. According to a BBC report, a group of English-speaking hackers used the illicit service known as DragonForce to carry out their cyber attack on the fashion retail giant Marks & Spencer. Dragonforce operates as a cybercrime service for people to use in exchange for a fee, which gives people access to the malicious software to carry out cyberattacks and demand extortion, according to the report. In an email to the news portal, DragonForce claimed responsibility for the cyberattack and demanded payment from the company. The email was sent through the account of an employee working at TCS. The news portal's report also confirmed that Marks & Spencer's head, Stuart Machin, said that the hackers got in through 'social engineering' as they pretended to be someone trustworthy and tricked the employee into giving out passwords or login access. Machin said that the attack was carried out through a third party which had access to M&S systems, according to the report. This incident marked the first time TCS publicly responded to a cyberattack for a decade-long client, M&S. However, Marks & Spencer did not respond to the agency's queries on the development. LiveMint couldn't independently verify the report. In 2023, TCS reportedly bagged a $1 billion contract to modernise M&S's technology needs to foster its supply chain and omni-channel sales and increase its online sales. After the cyber attack, the IT firm is internally investigating the entry point of the cyber attack, as reported by the news portal The Financial Times. This incident also reportedly resulted is a loss of operating profit to the extent of nearly 300 million pounds ($403 million). The cyber attack also disrupted the company's online services, which can likely be revived by July 2025, according to the agency report.
&w=3840&q=100)
Business Standard
a day ago
- Business
- Business Standard
TCS says co not under probe in M&S breach; Chandra skips AGM for first time
India's largest IT services firm, Tata Consultancy Services (TCS), clarified at its 30th annual general meeting (AGM) that the company is not under investigation in relation to the recent cyber breach at one of its largest retail clients, Marks & Spencer. 'The purview of investigation does not include TCS,' said Keki Mistry, independent director, addressing shareholders. Responding to a shareholder query regarding the breach at UK-based Marks & Spencer, Mistry said: 'This incident is currently under review and investigation by the customer. As no TCS customer or system was compromised, none of our other customers were impacted.' The cyber breach, which occurred during the busy Easter weekend, disrupted online shopping services. According to a report by the Financial Times, the breach may result in losses of up to 300 million pounds. Mistry added that TCS has followed all required procedures and continues to provide full support to the client to ensure full recovery of systems and business continuity. For the first time in 17 years, N Chandrasekaran, chairman of Tata Sons, was absent from the TCS AGM. Chandrasekaran has been on the TCS board since 2007, when he served as the chief operating officer and executive director. As board members and key executives gathered to address shareholders, company secretary Yashaswin Sheth informed attendees that Chandrasekaran was unable to attend due to exigent circumstances. TCS is the second Tata Group company whose AGM Chandrasekaran missed this year. On Wednesday, he was also absent from the AGM of Tata Consumer Products. 'This is a very difficult time for us at the Tata Group. We are all deeply saddened. This is an unimaginable tragedy that has resulted in the loss of so many lives. Words can be of no consolation right now,' said Mistry. 'Our thoughts are with the families and loved ones of those who have lost their lives. The Tata Group stands in solidarity with those affected during these challenging times,' he added. During the AGM, shareholders expressed concerns over how TCS is preparing for the rapid rise of artificial intelligence (AI) and generative AI, particularly in terms of potential job losses and shifts in the business model. 'We are building AI and genAI-powered solutions for customers to solve key business challenges. We are setting up AI centres of excellence and AI labs to enable enterprise-wide adoption,' Mistry said. He also added that the company is developing digital assets and investing in talent. Addressing concerns around job losses, Mistry acknowledged that AI will automate several functions but will also create new roles. 'Recent advances in AI, such as reasoning capabilities and agentic AI, are expected to result in higher levels of automation. We do foresee scenarios where new forms of AI can perform some tasks autonomously that humans do today. This will lead to a new human-plus-AI operating model,' he explained. Commenting on the global volatility, Mistry noted that industries are experiencing heightened uncertainty due to ongoing conflicts and macroeconomic conditions. 'We continue to stay close to our customers and help them navigate this extremely challenging environment. Our order books remain healthy,' he elaborated. On India's digital sovereignty, Mistry reaffirmed the country's strategic importance for TCS. 'India is an extremely important geography for us, and we continue to build indigenous technologies that directly address the needs of governments and enterprises,' he added.
Yahoo
2 days ago
- Business
- Yahoo
John Lewis appoints former M&S executive as chief customer officer
UK department store chain John Lewis has appointed former Marks & Spencer marketing director Anna Braithwaite as its new chief customer officer to drive brand experience and excellence. Braithwaite will assume the position on 1 October 2025. She brings more than two decades of expertise in brand and marketing and will report directly to Peter Ruis, managing director of John Lewis. Ruis stated: 'I'm thrilled that Anna is returning to John Lewis. Her understanding of the John Lewis brand and her laser focus on the needs of customers makes her the ideal person to lead our customer and marketing strategy. I know that Anna will build on the John Lewis experience that our customers know and love.' Braithwaite will oversee brand and marketing across all channels, loyalty programmes, customer experience, and creative and content teams. Her appointment aims to ensure that 'the brand continues to deliver exceptional quality, value and service for its customers'. The John Lewis Partnership is the proprietor of two major UK retail entities, John Lewis and Waitrose. The former encompasses 34 physical locations throughout the UK, alongside its e-commerce platform, Waitrose has 300 stores across England, Scotland, Wales and the Channel Islands, which includes 47 smaller format stores and 27 outlets situated within Welcome Break facilities. It also has a presence online. Anna Braithwaite stated: 'I'm incredibly excited to be joining at such a pivotal time, following the return of a re-energised Never Knowingly Undersold and with John Lewis recently being awarded Which? Retailer of the Year.' Braithwaite began at John Lewis as a graduate trainee and worked in various marketing roles within the company. She expanded her horizons to work with fashion brands Hobbs and Jacques Vert. She then progressed to Tesco, where she held the title of head of brand marketing for F&F clothes and served as global brand director for non-food. "John Lewis appoints former M&S executive as chief customer officer" was originally created and published by Retail Insight Network, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.
Yahoo
3 days ago
- Business
- Yahoo
UK retailers face escalating threats as cybersecurity readiness falters
Of the 117 senior UK retail executives interviewed for the research, 11% acknowledge their lack of preparedness for cybersecurity threats. Cybersecurity has also been recognised by 58% of retail leaders as one of the top three risks facing their industry in the coming year, signalling increased awareness of the dangers posed by ransomware, data breaches, and system failures. This growing apprehension has led to an increase in investments in cybersecurity among retailers, with 64% enhancing their focus on this area over the past year. Efforts include system upgrades, response plan evaluations, and the integration of security measures throughout supply chains, according to the research. It also noted that the complexity and interconnectivity of risks have also intensified, as evidenced by the top 30 UK-listed retailers disclosing 278 principal risks, including 40 new or escalating concerns within the last year. Cyber-related issues represent 25% of these emerging risks. In April this year, Marks & Spencer suspended online and app orders due to a significant cyberattack and anticipated an operating profit impact of around £300m for the fiscal year 2025/26 before implementing any mitigating strategies. Additionally, The North Face experienced a "small-scale credential stuffing attack," prompting customer notifications. Retail Economics chief executive Richard Lim said: 'Cyber threats are no longer just an IT issue. They cut to the heart of customer trust, brand reputation and operational continuity. It's concerning that so many retailers still lack the confidence and capability to respond effectively. Resilience today isn't just about protection. It's about being ready to act, recover quickly and adapt at speed. 'The most forward-thinking retailers are using cyber risk as a catalyst for broader transformation. They are accelerating investment in digital infrastructure, strengthening internal agility and embedding resilience across their operations. These are the bold decisions, made under pressure, that will shape long-term success.' Financial pressure Beyond cybersecurity, financial challenges loom large for retailers who are bracing for a £6.5bn surge in operating costs in 2025. Factors contributing to this increase include higher National Living Wage rates, Employer National Insurance contributions, business rates, utilities, and property expenses. The study showed that average pre-tax profit margins have dwindled from 10.4% in 2014 to 5.7% in 2024, a loss exceeding £7.3bn in pre-tax profits across the sector. In response to these pressures, retailers are sharpening their focus on cost control while also investing in technology, data analytics, and supply chain fortification. The resilience gap among retailers is becoming more pronounced. While some see themselves as 'ahead of the game' in risk management, a slight increase from 26% to 28%, the proportion lagging behind has risen more significantly from 21% to 25%. A majority of retail leaders (58%) believe the performance disparity between top-performing and underperforming businesses is expanding. Barclays UK Corporate Banking retail and wholesale head Karen Johnson said: 'As operational and financial risks continue to escalate, it's clear that embracing technological advancements and enhancing cybersecurity measures will be key to building resilience for UK retailers." "UK retailers face escalating threats as cybersecurity readiness falters" was originally created and published by Just Style, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
4 days ago
- Business
- Yahoo
‘We're being attacked all the time': how UK banks stop hackers
It is every bank boss's worst nightmare: a panicked phone call informs them a cyber-attack has crippled the IT system, rapidly unleashing chaos across the entire UK financial industry. As household names in other industries, including Marks & Spencer, grapple with the fallout from such hacks, banking executives will be acutely aware that, for them, the stakes are even higher. Within hours of a successful bank hack, millions of direct debits could fail, leaving rents, mortgages and wages unpaid. Online banking may be blocked, cash machine withdrawals denied, and commuters left in limbo as buses and petrol stations reject payments. News of the attack could spark panic, leading to a run on rival lenders, as customers pull money from their accounts amid fear the disruption could spread. This situation may seem far-fetched but it is not a long way off from the government's 'reasonable worst-case scenario' if a sophisticated cyber-attack hit a big UK bank. With the financial industry among 14 sectors categorised as 'critical national infrastructure', it is no surprise that a hack is listed on the national risk register, which models some of the biggest threats facing the UK. Billions of pounds are being spent preventing the kind of devastating attacks that shut down systems at three retailers, Harrods, the Co-op and M&S, this spring. 'The amount of money [that] banks, all of us, will be spending on our systems is enormous today. And it has to be,' the UK chief executive of HSBC, Ian Stuart, told MPs last month. 'We are being attacked all the time.' HSBC alone is having to invest hundreds of millions of pounds to protect itself, Stuart said. 'This is our biggest expense.' Globally, banks are expected to allocate 11% of their IT budgets to cybersecurity in 2025, according to an EY study. With those IT budgets forecast to hit $290bn (£214bn) this year, according to the research body Celent, banks could end up shelling out $32bn on cybersecurity by December. It is a new era for high street banks, as attempted heists evolve from criminals in balaclavas hitting physical branches and vaults to state-sponsored hackers and independent cybergroups looking for ransom payments or merely to cause mass disruption. 'Banks have understood the risk far better than probably a lot of other industries. They've invested far more in security,' said Stuart McKenzie, a managing director for Mandiant Consulting, a Google-owned cybersecurity company that works closely with a number of lenders in the UK. Last month the governor of the Bank of England told the BBC that cybersecurity was a risk that was never going away because it continually evolved. 'We're dealing with bad actors who will continually refine the lines of attack. And I always have to say to institutions: 'You've got to continue to work at this,'' Andrew Bailey said. However, protecting systems is a complex task. Most high street banks operate on an onion-like IT system, with layers upon layers of updates, patches and add-ons. Throw third-party software and cloud providers into the mix, and banks are left playing whack-a-mole. 'We call it the attack surface,' Alan Woodward, a professor and cybersecurity expert at the University of Surrey, said. 'The attack surface has actually increased, so the opportunities for attackers to try to look for ways in have also increased.' No bank hacks to date have been disruptive enough to bring a country to an economic standstill – although April's power blackout across the Iberian peninsula exposed how reliant modern societies are on digital payments. Where hackers have been successful, they have more often than not targeted banks' customer data and accounts. In 2021, attackers on the US bank Morgan Stanley stole personal information belonging to its corporate clients by hacking into a server used by a third-party consulting company. A year earlier, at the start of the Covid pandemic, attackers got hold of staff mailboxes at the Italian state-owned bank Monte dei Paschi, and sent emails to clients with voicemail attachments. Meanwhile, one of the most devastating hacks on a UK bank came in 2016, when criminals found a way to guess bank card details and steal almost £2.5m from 9,000 accounts at Tesco Bank. Tesco was forced to halt all online and contactless card transactions after struggling to block fake purchases taking place around the world, including Spain and Brazil. Tesco Bank eventually reimbursed customers in full. The National Cyber Security Centre says customers who suspect a hack should contact their bank using their official website or social media channels, and avoid using any links or contact details they have been sent. The organisation should be able to confirm if a hack has actually taken place, how they have been affected and what they need to do next. The Bank of England has tried to stay a step ahead. Policymakers officially recognised cybersecurity as a risk to financial stability in 2013 and started to implement cyber resilience standards for all regulated banks and insurers under its supervision. That involved the launch of 'CBEST', a world-first scheme in which ethical hackers test a single bank's potential vulnerabilities with a cutting-edge attack. 'Nothing is 100% secure,' Woodward said, but the UK banking system comes close. 'A lot of it has to do with the oversight', particularly by the central bank. 'They gather threats and intelligence from MI5, GCHQ, NCSC, all the usual people, and then they actually try real scenarios out to see how robustly a bank can withstand that,' he said. The central bank also coordinates multiday cyberwar games as part of its SIMEX – simulation exercise – programme every two years to test City companies' security. Authorities are tested, too, and the Bank, the Financial Conduct Authority, the Treasury and the National Cyber Security Centre review their response to a range of devastating scenarios. Regulators are not just checking banks' preventive measures. Policymakers assume a cyber-attack will eventually be successful and are therefore pushing banks to prepare their response and recover plans that would avoid long-lasting outages that could bring pockets of the economy to a standstill. The Cross Market Business Continuity Group, which brings together regulators and members of the bank industry body UK Finance, boasts the ability to summon about 100 companies for emergency group calls in under an hour to discuss a potential attack. Fending off a hack is seen as vital to protect an industry that ultimately trades on trust: customers expect lenders to keep their information, wages and life savings protected from outside threats. 'If somebody breaks in there and manages to make a fraudulent transaction … you're not going to trust that bank again with your money, are you?' Woodward said. Banks have already experienced the backlash that can erupt from mere IT outages, without any malicious actors trying to disrupt the banking system or steal data and cash. TSB has for years been working to restore its reputation after its IT meltdown in 2018, caused by its botched separation from Lloyds' internal systems, which left millions of banking customers locked out of their accounts for weeks. The lender was subsequently fined £48m for 'widespread and serious' failings. Outages have continued to plague customers of Britain's largest banks and building societies, who suffered the equivalent of more than a month of IT failures between January 2023 and February 2025, according to the data gathered by the parliamentary Treasury committee. 'The security of customer money and data is of paramount importance to banks, not just because it's a requirement under regulation but because it's the way that banks do business,' Laura Catterick, a director focused on resilience and cybersecurity at UK Finance, said. 'I would say, never rule out a cyber-attack. But I would say, there should be confidence in the amount of cyber defences in place.' Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
