Mumbai: Tata Consultancy Services (TCS) has strongly refuted a UK media report that claimed British retailer Marks & Spencer (M&S) terminated a $1 billion contract with the Indian IT giant following cyberattack-related failures. Calling the report “misleading” and “factually inaccurate,” TCS clarified that the contract change had no connection with the cyber incident mentioned in the article.
In its official clarification to stock exchanges, TCS stated that the media report titled “M&S ousts Indian outsourcer accused of £300m cyberattack failures” contained several incorrect details, including the contract’s value and the alleged link to a cyberattack. “The report published is misleading, with factual inaccuracies including the size of the contract and the continuity of TCS’ work for Marks & Spencer,” the company said in a statement.
According to TCS, the service desk contract referred to in the article was part of a routine competitive tender process that began in January 2025. The decision by M&S to work with other partners was made well before the April 2025 cyber incident. “These two matters are clearly unrelated,” TCS said, stressing that the service desk contract was only a small portion of its long-standing partnership with the retailer.
The company reaffirmed that it continues to collaborate with M&S on multiple strategic projects, highlighting the strength and continuity of their relationship. “TCS continues to work on numerous other areas in its role as a strategic partner for M&S and is proud of this longstanding partnership,” it said.
Addressing the cyberattack, TCS clarified that it had conducted a comprehensive system scan and found no vulnerabilities from its end. The IT major also pointed out that it does not provide cybersecurity services to Marks & Spencer — such responsibilities are managed by another vendor.
