Marks & Spencer Ends Partnership With Tata Consultancy Services After Massive Cyberattack
British retail giant Marks & Spencer (M&S) has officially ended its long-running technology help-desk partnership with Tata Consultancy Services (TCS) following one of the most damaging cyberattacks in its history, according to reports.
The breach, which struck in April 2025, crippled M&S’s digital operations, forcing the retailer to suspend online orders, halt parts of its click-and-collect service, and deal with severe in-store disruptions.
The incident is estimated to have cost the company around £300 million in lost operating profit and wiped out more than £1 billion in market value.
According to investigations, the cyberattack was carried out by the hacker group Scattered Spider, using a ransomware-as-a-service tool known as DragonForce.
Instead of breaching M&S’s systems directly, the attackers exploited a vendor access route, tricking help-desk personnel into revealing login credentials through a sophisticated social engineering campaign.
Reports suggest that at least two M&S login IDs belonging to TCS staff were used to gain initial entry. Once inside, the hackers stole sensitive data before encrypting systems, demanding ransom for decryption and to prevent data leaks — a classic double-extortion attack.
The fallout was immediate and widespread. Online orders were suspended for weeks, store payment systems and stock visibility were disrupted, and many outlets reported empty shelves.
The data breach also exposed customer information, prompting M&S to issue an advisory warning customers to be cautious of potential phishing attempts. The incident not only caused financial turmoil but also damaged the brand’s long-held reputation for reliability and customer service.
In July 2025, M&S confirmed it had terminated its technology help-desk contract with TCS. The retailer stated that the decision stemmed from a competitive procurement process that began in January, months before the cyberattack.
However, the timing has drawn attention, with industry observers noting that the move aligns with M&S’s broader effort to rebuild trust and strengthen its cybersecurity framework. Despite the termination, M&S emphasised that TCS remains a strategic partner for other technology initiatives.
For its part, TCS — a global IT services leader headquartered in Mumbai and employing over 600,000 people worldwide — maintained that its own systems were not compromised.
A company spokesperson clarified that TCS does not handle cybersecurity for M&S and continues to collaborate with the retailer on “numerous strategic initiatives.” Still, the optics are difficult to ignore: a high-profile client’s breach involving vendor credentials inevitably places the spotlight on third-party risk and accountability.
Analysts estimate that the breach led to roughly £300 million in lost operating profit, as supply chain disruptions and system outages hampered sales.
In addition, the market reacted sharply, erasing more than £1 billion in value from M&S’s stock. The episode highlights how a single human error — in this case, a help-desk staff member deceived by a social-engineering attack — can have devastating consequences for a major retailer operating in a highly digital ecosystem.
Cybersecurity experts say this attack has become a textbook case of third-party vulnerability. As large retailers depend on complex outsourcing networks, attackers increasingly target human touchpoints such as help desks, where scripted password resets and verification flows can be manipulated by skilled impersonators. These “soft targets,” experts warn, are often the weakest links in otherwise robust cybersecurity frameworks.
M&S is now accelerating efforts to modernize its IT infrastructure and tighten vendor access controls. The company is reportedly overhauling help-desk protocols, enforcing stricter multi-factor authentication, and increasing cybersecurity awareness training for both internal and external staff.
(With inputs from LinkedIn)