TCS denies losing Marks & Spencer contract after cyberattack
BRITISH COLUMBIA, CANADA — Tata Consultancy Services (TCS) has firmly denied reports suggesting that it lost a service desk contract with British retailer Marks & Spencer (M&S) following a major cyberattack earlier this year, according to a report from Infosecurity Magazine.
The Indian IT giant described the reports as “misleading” and based on “factual inaccuracies.”
TCS says M&S contract loss preceded cyberattack
In a regulatory filing to Indian stock exchanges on October 26, TCS clarified that while M&S had indeed launched a request for proposal (RFP) process in January 2025 to evaluate service desk providers, the retailer’s decision to select another vendor was made “much prior to the cyber incident in April 2025.”
“These matters are hence clearly unrelated,” the Tata Group subsidiary stated in the filing.
The clarification came after The Telegraph claimed M&S “ditched” TCS following accusations that the company’s systems were at fault for the April cyber-attack, which temporarily disrupted the retailer’s digital operations.
However, TCS emphasized that its internal review found no evidence linking its networks or systems to the breach.
TCS also stressed that it does not provide cybersecurity services to M&S, countering the notion that it bore responsibility for the retailer’s compromised systems.
TCS-M&S partnership continues despite service desk shift
Despite losing the service desk bid, TCS underscored that it continues to maintain several other contracts with M&S. A source familiar with the matter told The Financial Times that TCS had previously provided service desk support to M&S but was replaced after the January RFP process.
“TCS highlighted that it has many other forms of collaboration and contracts with M&S beyond service desk and that many of these are still ongoing,” the report stated.
Broader implications for IT outsourcing
The episode underscores the heightened scrutiny facing global IT vendors amid rising cyber threats and shifting client expectations. In an industry where trust and security are paramount, even unsubstantiated claims can test long-standing partnerships.
TCS’s swift clarification reflects how leading IT service providers are increasingly prioritizing transparency and communication to safeguard their reputations.
As enterprises worldwide re-evaluate vendor accountability after cyber incidents, firms like TCS are likely to see even greater pressure to demonstrate resilience and responsibility in an era defined by digital risk.
The company previously ranked #8 in the OA500 2025, an objective index of the world’s top 500 outsourcing companies.
