TCS Denies Losing $1 Billion M&S Contract After Cyberattack
Tata Consultancy Services (TCS) has strongly denied a UK media report claiming it lost a $1 billion contract with Marks & Spencer following a cyberattack, calling the report “misleading” and “factually inaccurate.”
Key Clarifications from TCS
In an official stock exchange filing, TCS refuted multiple claims from the article “M&S ousts Indian outsourcer accused of £300m cyberattack failures”:
- The contract size was misrepresented
- The contract decision was made before the cyber incident
- TCS continues as M&S’s strategic partner
- The service desk contract was a small part of their overall partnership
“The report published is misleading, with factual inaccuracies including the size of the contract and the continuity of TCS’ work for Marks & Spencer (M&S),” the company stated.
Timeline Clarification
TCS explained that the M&S service desk contract underwent a routine competitive tender process starting January 2025. Marks & Spencer decided to work with other partners “much prior to the cyber incident in April 2025,” confirming the two matters were “clearly unrelated.”
“TCS continues to work on numerous other areas in its role as a strategic partner for M&S and is proud of this longstanding partnership,” the company emphasized.
Cyberattack Investigation
Regarding the cybersecurity aspect, TCS conducted complete system scans and found no vulnerabilities from their end. The company clarified it doesn’t provide cybersecurity services to M&S, as those are handled by another vendor.
Both companies have confirmed the contract decision was made before the cyber incident and was part of a regular renewal process, contrary to media reports suggesting the non-renewal was cyberattack-related.
