India’s TCS Confirms No Systems Compromised in Marks & Spencer Cyberattack

Tata Consultancy Services (TCS) stated that none of its systems or users were compromised in the recent cyberattack affecting British retailer Marks & Spencer (M&S), a client of over ten years.

At its annual shareholder meeting, independent director Keki Mistry said, “As no TCS systems or users were compromised, none of our other customers are impacted.” He added that the ongoing investigation into the M&S breach does not involve TCS systems.

This marks the first public comment from India’s largest IT services firm on the cyberattack. M&S did not immediately respond to requests for comment.

TCS provides technology services to M&S and secured a $1 billion contract in early 2023 to modernize the retailer’s legacy technology, focusing on supply chain and omnichannel sales improvements.

The cyberattack, disclosed by M&S in April, is described as “highly sophisticated and targeted.” It is expected to cost M&S approximately £300 million ($403 million) in lost operating profit, with online service disruptions anticipated until July.

Last month, the Financial Times reported that TCS was internally investigating whether its systems were used as a gateway for the cyberattack.

Mistry chaired the shareholder meeting, while Tata Group Chairman N Chandrasekaran was absent due to urgent matters related to a recent Air India plane crash in Ahmedabad, which killed 241 of the 242 passengers onboard.