Athira Sethu
Kochi, 27 October 2025
Tata Consultancy Services (TCS) has dismissed a UK media report that stated Marks & Spencer (M&S) terminated its contract with the Indian IT firm because of the cyberattack that hit it earlier this year. In a report by The Telegraph, M&S lost approximately £300 million from the hack and terminated its longstanding contract with TCS last July.
TCS reacted by stating the report was inaccurate and had a number of factual inaccuracies, including the value of the contract and the nature of its current relationship with M&S. The company said that the contract for managing M&S’s technology helpdesk was included in a routine competitive bidding process, which began in January, several months prior to the cyberattack in April. M&S had already made up their mind to use other partners when the incident occurred. TCS also added that the business benefit of the helpdesk service was minimal in relation to the bigger long-term association between TCS and M&S.
TCS went on to reiterate its commitment towards M&S, saying it still serves various other areas of the retailer’s business as a strategic partner. The firm also made it clear that it had no role in M&S’s cybersecurity services, which are managed by another partner.
The Telegraph report indicated that the hackers, a group known as “Scattered Spider,” entered M&S’s systems by social engineering, where they duped helpdesk personnel into resetting passwords. After the breach, M&S Chairman Archie Norman informed British legislators that hackers employed advanced impersonation techniques to gain entry into the systems, using a third-party service.
Following the attack, TCS did an in-house inquiry to determine whether its technology helpdesk was responsible for the breach. But subsequently, it decided that it was not at fault and the weakness was not from TCS’s systems.
