TCS has rejected claims made in a Telegraph report alleging its involvement in the cyberattack on Marks & Spencer (M&S), calling the article “misleading”.
In an exchange filing on late Sunday, the company said the report, titled ‘M&S ousts Indian outsourcer accused of £300m cyberattack failures’, contained “factual inaccuracies including the size of the contract and the continuity of TCS’ work for M&S.”
TCS clarified that the M&S service desk contract “followed a regular competitive request for proposal process initiated in January 2025, with M&S opting to proceed with other partners much prior to the cyber incident in April 2025.”
“These matters are hence clearly unrelated,” the company clarified.
The Indian IT giant added that the commercial aspect of the service desk area represented “an insignificant part” of its overall engagement with M&S, and that it “continues to work on numerous other areas, in its role as a strategic partner for M&S”.
On the cyber incident, TCS reiterated that after conducting a scan of its networks and systems, it concluded the vulnerabilities didn’t originate there.
“TCS does not provide cybersecurity services to M&S. This is a service that is provided by another partner,” it added.
The Telegraph had reported that Marks & Spencer ended its long-running contract with TCS to manage its technology helpdesk, months after a cyberattack that cost the British retailer an estimated £300 million.
The publication said M&S cancelled the deal in July, shortly after hackers from a group known as Scattered Spider infiltrated its systems through “social engineering”, by impersonating executives and gaining password resets.
The report said the move to end the contract so soon after the attack “will raise questions over why it was not renewed”.
The post TCS Denies Involvement in £300 Mn M&S Cyberattack, Calls Media Report ‘Misleading’ appeared first on Analytics India Magazine.
