Tata Consultancy Services is investigating its possible role in the Marks & Spencer cyber-attack, which has caused significant operational and financial disruption.
 |
| Tata Consultancy Services is examining whether its systems were exploited in a cyber-attack on M&S, which has caused widespread online disruption and losses. Image: M&S/ CH |
LONDON, UK — May 24, 2025:
Indian IT powerhouse Tata Consultancy Services (TCS) has launched an internal investigation to determine whether it served as the entry point for a damaging cyber-attack that severely impacted British retailer Marks & Spencer (M&S), BBC News has learned.
TCS, which has been a key technology partner to M&S for over a decade, is now at the center of the probe after M&S revealed this week that hackers had gained access to its systems through a “third party.” Both TCS and M&S have declined public comment, and it remains unclear when the investigation was initiated.
The Financial Times first reported the potential link, citing individuals close to the inquiry who said the review could conclude by the end of May. The breach has caused massive disruption, taking the M&S website offline since late April. Although the company says online services will return gradually in the coming weeks, full recovery may not be achieved until July.
The financial toll is significant, with M&S estimating losses of up to £300 million due to the incident. The attack has been attributed to a group of English-speaking hackers known as Scattered Spider. Authorities believe the same group may also be behind breaches at Co-op and Harrods, though M&S has so far suffered the greatest impact.
TCS, one of the world’s largest IT services companies with over 607,000 employees globally, has worked on multiple high-profile projects for M&S, including its Sparks customer rewards program. The two companies were jointly awarded Retail Partnership of the Year in 2023. TCS also lists other major UK brands among its clients, such as Co-op, easyJet, Nationwide, and Jaguar Land Rover.
It is not yet known whether TCS's investigation also covers potential links to the Co-op breach. Despite the growing scrutiny, there has been no official confirmation that TCS systems were compromised or misused.
M&S CEO Stuart Machin confirmed earlier this week that the company had been targeted by a “highly sophisticated and targeted” cyber-attack. However, during a media call on Wednesday, he declined to say whether the company had paid any ransom.
As the investigation continues, the incident highlights the vulnerabilities in outsourced IT infrastructure and the growing threat of cyber-attacks targeting large, interconnected businesses.