Read more about the M& cyber-attack:
Tata Consultancy Services (TCS) has denied that it lost a service desk contract with Marks & Spencer (M&S) after the UK retailer was hit by a cyber-attack.
On October 26, UK newspaper The Telegraph reported that M&S “ditched” its service desk contract with TCS because the Indian IT outsourcing giant was accused of being at fault for the devastating cyber-attack that hit the retailer in April.
In a regulatory filing sent to several Indian stock exchanges on the same day, TCS described the article as “misleading” and pointed to “factual inaccuracies.”
Read more: M&S and Co-op Hacks Classified as Single Cyber Event
TCS said that while M&S did consider signing a service desk contract with TCS through a request for proposal (RFP) process initiated in January 2025, the retailer selected other suppliers. This choice that was made “much prior to the cyber incident in April 2025,” the TCS filing noted.
“These matters are hence clearly unrelated,” The Tata Group subsidiary added.
A source familiar with the matter told the Financial Times that TCS provided service desk services to M&S before January 2025, but that the UK retailer decided to select another provider following the RFP process.
TCS highlighted that it has many other forms of collaboration and contracts with M&S beyond service desk and that many of these are still ongoing.
Regarding the cyber-attack that took much of M&S’ digital services offline, TCS claimed that the vulnerabilities that led to the incident did not come from any of its networks and systems. This conclusion followed an investigation carried out by TCS in June.
Tata noted that TCS does not provide cybersecurity services to M&S.
Photo credits: SNEHIT PHOTO / Tada Images / Shutterstock.com
Read now: Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
