Mirror Review
October 28, 2025
In April 2025, Marks & Spencer (M&S) suffered a major cyber incident that it says will cost the business around £300 million in lost operating profit.
Reports in the UK media in late October claimed that TCS had lost a roughly US$1 billion contract with M&S as a result of that cyberattack.
TCS responded emphatically: the story is “misleading”, the contract size was misreported, the decision was unrelated to the cyberattack, and TCS’s systems were not compromised.
From this starting point, the following five proofs show why TCS should not be cast as the culprit in the Marks & Spencer Cyberattack.
1. TCS Systems Were Not Compromised
Early in the investigation, TCS publicly confirmed that none of its systems or users were compromised in connection with the M&S cyberattack.
Specifically:
- TCS said a full scan revealed that no vulnerability originated from its network.
- Its internal controls remained intact, and it does not provide cybersecurity services to M&S (another partner handles that).
Thus, from a forensic perspective, there is no evidence linking TCS infrastructure to the entry point of the cyberattack.
2. The Contract Change Pre-dated the Incident
One of the main arguments linking TCS to the cyberattack was that M&S ended a contract with TCS after the attack. But the timeline undercuts that.
- The contract in question (the IT service-desk role) went into competitive tender from January 2025, well before the cyberattack in April 2025.
- TCS says the decision to switch providers was made much earlier and was part of M&S’s routine procurement, not a reaction to the breach.
Therefore, the change can’t logically be a penalty for failure in the attack.
3. The Contract Was a Minor Piece of the Relationship
Another misconception: the media reports implied this was a huge contract (US$1 billion) that ended entirely because of TCS’s alleged failure. But the facts differ:
- TCS itself says the contracted “service desk” business was insignificant relative to the wider M&S-TCS partnership.
- The actual size and scope of that service-desk role were misrepresented in media reports.
- TCS continues to provide other services to M&S, and the relationship remains alive.
In short, even if there was a change, it was not central enough to justify blaming TCS for the Marks & Spencer Cyberattack.
4. M&S Identified the Breach Route as a Third-Party Contractor
M&S disclosed that its cyberattack stemmed from a breach via a third-party contractor, not via its own systems.
Key details:
- The attackers used “social engineering” to access an external provider over the Easter weekend (April 19-20).
- M&S’s CEO emphasized that the company’s systems held up and that access was gained through an outside link, not by direct infiltration of M&S’s core IT.
- Although TCS is a major IT services provider to M&S, there is no public link or admission that TCS was “that” third-party contractor.
Given that the point of intrusion was external and generic (social engineering), the narrative that TCS is responsible is weakened.
5. Clear Public Disclaimers from TCS
TCS’s response is notable for its clarity and insistence on accuracy. Some key lines:
- “The report published … is misleading, with factual inaccuracies including the size of the contract and the continuity of TCS’ work for M&S.”
- “As both M&S and TCS have clarified, the service desk contract with M&S followed a regular competitive RFP process … These matters are hence clearly unrelated.”
- TCS reiterates it does not provide cybersecurity services to M&S.
These repeated, unambiguous statements strengthen the case that TCS is being mischaracterised in the press.
Conclusion
This analysis of the Marks & Spencer cyberattack reveals that while the incident is significant, the linking of Tata Consultancy Services to the breach is not supported by key facts.
From TCS’s intact systems, to the pre-incident contract change, to the minor scale of the role, to the actual breach route, the signs point away from TCS.
Hence, the available evidence suggests that the cyberattack, while devastating, did not originate via TCS, and the company’s relationship with M&S continues beyond the headlines.
In the broader context of outsourcing, cybersecurity, and vendor relationships, this incident shows the importance of clarity in contract scope, breach attribution, and the dangers of jumping to conclusions when complex supply chains are involved.
The true lesson?
When a major retailer faces a cyberattack, the blame often lies not with the headline vendor, but with overlooked links — and that’s exactly what appears to have happened here.














