TCS clarifies M&S contract and cyberattack claims

Tata Consultancy Services (TCS) today addressed an article in The Telegraph, titled "M&S ousts Indian outsourcer accused of £300m cyberattack failures," published on October 26, 2025. TCS stated that the report was misleading and contained factual inaccuracies concerning the contract's size and the continuity of its work for Marks & Spencer (M&S).

According to TCS, the service desk contract with M&S concluded following a regular competitive RFP process initiated in January 2025. M&S chose to proceed with other partners well before the cyber incident occurred in April 2025, clarifying that these events are unrelated. TCS emphasized that the service desk area represents an insignificant part of its overall engagement with M&S, and the company continues its role as a strategic partner for M&S across numerous other areas.

Regarding the cyber incident itself, TCS confirmed that its internal scans found no vulnerabilities originating from its own networks or systems. The company also clarified that it does not provide cybersecurity services to M&S, which are handled by another partner.