Did M&S cancel the TCS contract due to a cyber attack? Firm clarifies

Tata Consultancy Services, one of India's largest IT companies, has called a UK media report claiming that Marks & Spencer (M&S) ended a USD 1 billion contract with the Indian IT major over cyberattacks, as misleading.

The Tata Group company, in a stock exchange filing, said on Sunday evening that The Telegraph article, titled 'M&S ousts Indian outsourcer accused of £300m cyberattack failures', was misleading as it had factual errors.

The company said the M&S service desk contract was put through a tender process starting in January 2025. The retailer decided to work with other partners in April 2025, which was before the cyber incident.

TCS said the ending of the contract wasn't linked to the attack. It, however, said that the service desk contract was an "insignificant part" of its overall engagement with M&S.

The company said in the statement that TCS is still working on numerous areas in its role as a strategic partner for M&S and is "proud of this longstanding partnership".

TCS said after the cyber incident, the company had conducted a full scan of its own networks and systems and confirmed that no vulnerabilities originated from its end.

It said the company didn't provide cybersecurity to M&S.

It added that cybersecurity was being provided by another partner.

The cyberattack had caused the British clothes company losses to the tune of GBP 300 million.

The news report claims that M&S terminated the contract after the attack. TCS called the report "highly exaggerated and baseless".