TCS linked to Co-op, M&S retail hacks

Morrisons and Sainsbury’s among other UK customers

Links have been drawn between recent UK ransomware victims and Tata Consultancy Services.

Following the revelation that cyber attackers broke into UK retail giant Marks & Spencer through a third party, it has come out that both M&S and the Co-op are current customers of the Indian outsourcing giant – as well as other retailers who have not yet been breached.

M&S was the first retailer to fall, over the busy Easter weekend, but not the last: the Co-op and Harrods soon joined the string of victims.

A source at M&S told Reuters that TCS was a “means of access,” and that at least two Tata Consulting Services employees’ M&S logins were used as part of the breach.

We then began looking into TCS’ other high-profile UK customers.

Marks & Spencer began working with TCS in the early 2010s and extended that to outsource half of its tech jobs in 2018. It expanded the partnership again five years later, in 2023, to transform its tech stack.

The Co-op, which managed to shut down the cyberattack before it really got going, is also a TCS customer. The companies began working together in 2010 and deepened their bond last February.

We have found no evidence that Harrods or Peter Green Chilled work with TCS, but we know the Ministry of Justice – which sponsors the recently breached Legal Aid Agency – signed a multi-year deal with Tata in 2012.

Tata has confirmed to us that it no longer works with the MoJ.

While we only have anonymous sources claiming TCS played a part in the cyberattacks, it is a shared factor between multiple victims.

Other UK retailers using TCS’ services include Morrisons, Sainsbury’s and Kingfisher, which owns brands like B&Q, Screwfix and Tradepoint.