TCS denies UK report on M&S contract, says cyberattack claims are “misleading”

Tata Consultancy Services (TCS) has hit back at a UK media report claiming Marks & Spencer (M&S) dumped the Indian IT giant over a cyberattack-related failure, calling the story “misleading” and factually inaccurate.

In a late Sunday filing with stock exchanges, TCS refuted The Telegraph’s report titled “M&S ousts Indian outsourcer accused of £300m cyberattack failures”, which alleged that M&S dropped a $1 billion helpdesk contract with TCS following a breach that cost the British retailer GBP 300 million.

TCS clarified that the contract in question was a service desk deal — a minor part of its overall engagement with M&S — and had gone through a routine competitive tender beginning in January 2025. M&S had chosen to work with other vendors “much prior to the cyber incident in April 2025,” the company said, stressing that the events were “clearly unrelated.”

“TCS continues to work on numerous other areas in its role as a strategic partner for M&S and is proud of this longstanding partnership,” the company said in its statement.

TCS also addressed the cybersecurity angle, noting that it does not provide cybersecurity services to M&S — that responsibility lies with another vendor. “TCS conducted a full scan of its networks and systems and confirmed that no vulnerabilities originated from its end,” the company added.

Both TCS and M&S have confirmed that the decision not to renew the helpdesk contract was unrelated to the cyber breach.