Marks and Spencer’s CEO says half of their online ordering is still offline after their ransomware incident, they hope to get open in next 4 weeks.

They are also rebuilding internal systems and hope a majority of that will be done by August.

Lesson: mass contain early. M&S didn’t. Co-op did.

https://www.reuters.com/business/retail-consumer/ms-ceo-most-cyberattack-impact-will-be-behind-us-by-august-2025-07-01/

@GossiTheDog I'd be very curious to know what the breakdown is between TCS dropping the ball and lying about it and M&S/Co-op not actually insisting on adequate procedure.

It's not terribly uncommon for people to only care about time-to-resolution with some lip service to user satisfaction when it comes to helpdesk metrics; and tacitly discourage things that are slow and unpleasant like hassling people for ID, at least until that becomes a visibly terrible idea.

@GossiTheDog

"M-SThrowaway" might indicate M&S?

Or is that too obvious or deliberate obfuscation? 🙂🤷‍♂️

@GossiTheDog as someone who has been subjected to Tata on multiple occasions going back over a decade?

This isn't nearly spicy enough. I don't even describe them as a 'body shop' because they'd gladly route you to a corpse and try to charge extra for '24x7 coverage.'

When one employer did a basic security audit of their helpdesk services, Tata failed so severely that the contract was pulled for cause before the audit was even completed. They moved it all back in-house.

@GossiTheDog The root problem here isn't that TCS are shockingly bad (they are, just about everyone knows that).

The root problem is that "management decisions" constantly overrule those that raise concerns about their service and tell any remaining internal IT and security staff to "deal with it as best you can."

I'm very much of the view that, yes, the outsourced provider can be the cause of an incident, they can provide a shockingly bad service, they can cost your business millions of pounds. But the decision to continue to use them when you already know this is a real possibility - that's a decision by senior management within the company. That's on you.

@GossiTheDog Interesting. I don't have the background on this specific attack, but I'm reminded of the Target credit card theft. An HVAC company near me was the point of entry for the attackers; they had high-access keys to Target's intranet because they install and maintain shopping-mall-grade HVAC and can remote-override it for maintenance and schedule reasons (nation-scale chain stores with giant footprints save not-inconsequential money on things like "Don't power up the HVAC to normal capacity on days nobody is here").

They had the keys on the same machine running their webserver.

(Meanwhile, Target actually did get an SEC slap-on-the-wrist for one specific thing: the HVAC intranet piece wasn't firewalled from the financial transactions and cash register source code pieces).

@GossiTheDog @tdp_org

If it is the case then the leaders of businesses like M&S who outsource these services to the lowest cost providers should also be held to account

It’s typical of British business management to know the cost of technology but not the value of it

@GossiTheDog K. Krithivasan, also known as Krithi, aka the face of quality IT, that you can trust.

Hash tag

These Indian, "IT", call centers probably do double time as scamming operations.

Hilarious twist would be that it was an inside job, faked to look like a compromise.

@GossiTheDog

Why does an offshore call center even have access to administrator passwords?