- TCS says none of its systems or users were affected in Marks and Spencer attack
- M&S was hit by a major cyberattack earlier in 2025
- TCS vowed an investigation, but has offered little information so far
The third-party supplier many have blamed for the major cyberattack against Marks and Spencer (M&S) has revealed its first findings of an internal investigation into its role in the incident.
Tata Consultancy Services (TCS) has said none of its “systems or users were compromised” as part of the cyberattack.
“As no TCS systems or users were compromised, none of our other customers are impacted” independent director Keki Mistry told its annual shareholder meeting, Reuters reports.
TCS role and investigation
M&S was apparently hit by the attack on April 22, revealing news of the incident several days later.
Following an initial probe, experts proposed that the attackers were able to break into its systems by compromising workers at TCS, which has provided third-party services to M&S for over a decade on Sparks, the retailer’s customer reward scheme.
In 2023, TCS also reportedly secured a $1 billion contract to modernize M&S’ legacy technology across its supply chain and omni-channel sales, aiming to boost online sales.
TCS, part of the massive Tata Group conglomerate, was reported to be carrying out a full investigation, but has remained quiet until this unexpected (and brief) mention.
M&S has forecast the attack could cost it around £300 million in lost operating profit in its financial year.
It was recently revealed the hackers contacted M&S CEO Stuart Machin in a mocking email the day after the attack, demanding payment for the attack.
This email was sent from the DragonForce hacking collective, which carries out such attacks in return for payment or reward from other parties in exchange for a cut of any ransom payments.
M&S has not confirmed whether it has paid a ransom to the hackers, but did admit some customer data was stolen in the attack. This did not include any passwords or card or payment details, but home addressess, phone numbers and dates of birth may have been affected.
Anyone concerned their data may have been taken, we recommend using a dark web monitoring service, or using a breach monitor such as Have I Been Pwned to check for potential exposures.
TCS has not yet responded to a TechRadar Pro request for comment.
