TCS asserts clean bill amid M&S cyber breach fallout

Tata Consultancy Services confirmed its systems and user infrastructure remain uncompromised following the cyberattack that struck the retailer Marks & Spencer. At its annual shareholder meeting on 19 June, independent director Keki Mistry emphasised, “As no TCS systems or users were compromised, none of our other customers are impacted,” noting the ongoing M&S investigation does not extend to TCS systems.

M&S, which disclosed the cyber incident in April, continues to navigate significant disruption. The attack, attributed to the “highly sophisticated and targeted” Scattered Spider hacking group, reportedly utilised stolen help‑desk credentials from a TCS contractor. This led to the theft of personal data and forced the retailer to suspend online clothing sales for weeks—their online operations remain impaired, with recovery expected to extend into July.

Financial impact estimates remain stark. M&S anticipates a £300 million loss in operating profit, with weekly losses highlighted at approximately £40 million spanning clothing and food services. The retailer has drawn on its robust financial footing—boasting over £400 million in net funds before the incident—to support recovery measures. Insurance claims and cost containment strategies aim to offset roughly half of the losses.

ADVERTISEMENT

The attack’s disruption extended to in‑store services, including payment systems and “meal‑deal” availability at stations, where stocks dwindled and meal‑deal offers were suspended. M&S CEO Stuart Machin described the incident as triggered by human error, stating that attackers duped a contractor’s help‑desk staff via social engineering tactics. Although M&S has not disclosed ransom payment details, hackers reportedly issued a ransom demand to Machin directly, claiming ransomware deployment across the retailer’s servers.

TCS had been internally probing whether its systems served as the breach gateway, an inquiry reportedly scheduled for completion by the end of May. With Mistry’s public assurance, TCS now distances itself from fault, while confirming its services to other clients—including the UK Co‑op—remained unaffected.

Beyond TCS, UK retailers Co‑op and Harrods have suffered similar breaches in recent weeks, prompting government authorities to call cybercrime “serious organised crime” and urge businesses to elevate cybersecurity priorities. The National Cyber Security Centre is rolling out new software security guidance for the sector.

M&S leadership has kick‑started accelerated IT modernisation, fast‑tracking system upgrades they had planned over two years into the next six months to strengthen defences. CEO Machin reaffirmed the retailer’s resilience, underlining transparency in communication and ongoing support to customers during the disruption.

While TCS’s reassurance quells immediate concerns among its client base, reputational challenges linger. Cybersecurity analysts warn that such high‑profile breaches erode trust in outsourcing vendors. Mumbai‑based brokerage Nirmal Bang commented that linkage to the attack would be “quite embarrassing” for TCS.

TCS’s absence of any formal probe initiation by regulators signals regulatory leniency. However, this episode spotlights the vulnerabilities inherent in third‑party access chains. As M&S works to restore its online footprint and TCS reaffirms its integrity, both firms face ongoing scrutiny over their cybersecurity governance.


Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.


ADVERTISEMENT
Just in:
Coffee Chains Join Bitcoin Mania with Bold Treasury Moves // Qingzhen’s Zhanjie Town Leverages Ecological Resources to Drive Industrial Upgrading and Integrate Culture and Tourism for Rural Revitalization // Entrepreneurs Turn to Harsh AI ‘Red Teamers’ to Stress‑Test Ideas // Results of the ixCrypto Index Series Quarterly Review (2025 Q2) & IX Digital Asset Industry Index Series Half Yearly Review (2025 1H) // MCP Ignites AI Agent Revolution Amid Looming Security Quagmire // Musk Alleges Grok Was Misled and Predicts Tech Breakthroughs // BRICS Pledge Cooperation, Not Confrontation With U.S. // Abu Dhabi’s Masdar and Iberdrola Back £5 Billion UK Offshore Wind Venture // Celebratory 911 Club Coupe Marks Half-Century Porsche Partnership // Sharjah Elevates Real‑Estate Platform with New Digital Portal // Stonepeak Secures Strategic Co-Control of IFCO Stake // TÜV SÜD Appoints Interim Leadership Following CEO Transition // Meta pixel ruling marks watershed in EU data privacy // Dong Yuhui’s Fujian Journey: The Sea’s Lesson – 30% Destiny, 70% Determination // MENA Investment Banking Fees Slip Amid Equity Underwriting Lull // Galaxy AI Elevates On‑Device Intelligence with Privacy at Core // Can India Emerge As The Trusted Leader Of Global South Like Earlier Years? // UAE Hits Milestone with EU Delisting From High‑Risk Financial Watchlist // Tokyo Real Estate Set for $75 Million Blockchain Shake‑Up // OPEC+ Eyes Pause in Production Rises After September Surge //