Listen to this Post

A Breach That Shook British Retail
In one of the most talked-about corporate cyber incidents of the year, Marks & Spencer (M&S) found itself in the center of a storm after a cyberattack crippled several of its in-store and digital services. While investigations into the origins of the attack continued, speculation began to swirl around Tata Consultancy Services (TCS), the Indian IT giant that had previously handled parts of M&S’s service desk operations. Reports emerged claiming that M&S had dropped TCS following the breach—claims that TCS swiftly and strongly denied.
What Really Happened Between M&S and TCS
According to a report by The Telegraph on October 26, M&S allegedly “ditched” its service desk contract with TCS after the cyberattack, suggesting that the IT firm bore some responsibility for the incident. The narrative implied that the decision was a reaction to the April 2025 attack, which disrupted M&S’s operations and forced it to suspend several digital systems.
However, TCS immediately countered these claims. In a regulatory filing to Indian stock exchanges, the company described The Telegraph’s report as “misleading” and filled with “factual inaccuracies.” TCS clarified that M&S had indeed explored a new service desk contract through a request for proposal (RFP) process earlier in January 2025—but the British retailer had chosen other suppliers well before the cyberattack occurred in April.
“This decision,” TCS emphasized, “was made much prior to the cyber incident,” stressing that the two matters were “clearly unrelated.”
A source familiar with the situation told the Financial Times that TCS had indeed been providing service desk services to M&S before January 2025 but that M&S later selected another vendor through the RFP process. TCS also noted that it continues to maintain several active contracts and collaborations with M&S in other areas, indicating that the companies’ relationship is far from severed.
Clearing the Air on Cybersecurity Responsibility
One of the most critical points of confusion stemmed from whether TCS had any role in managing M&S’s cybersecurity defenses. TCS firmly denied this, stating that it does not provide cybersecurity services to M&S. The company further explained that following an internal investigation in June, it found no evidence that the vulnerabilities exploited in the attack originated from its networks or systems.
In essence, TCS’s position is clear: while it worked with M&S in several IT capacities, it was not responsible for the protection or defense of the retailer’s cybersecurity infrastructure.
The cyberattack, which was later linked to a larger wave of retail-targeted hacks across the UK—including incidents involving Co-op—was described by investigators as a sophisticated breach. Four arrests were reportedly made in connection with these coordinated attacks, highlighting how cybercriminals are increasingly focusing on retail networks, exploiting vendor relationships and digital supply chains.
What Undercode Say:
A Deeper Look at the Corporate Blame Game
When cyberattacks strike, blame often travels faster than facts. In the case of M&S and TCS, the situation illustrates a broader tension between retailers and their outsourced IT providers. The modern supply chain of digital services is complex—contracts, vendors, and third-party systems intertwine in ways that make accountability difficult to pinpoint.
M&S’s decision to shift service desk vendors months before the attack could easily be misinterpreted as reactive punishment if viewed without context. Yet, TCS’s documentation paints a timeline that suggests otherwise. This disconnect between perception and chronology shows how easily misinformation can arise during high-profile security crises.
Media Sensationalism vs. Regulatory Facts
It’s also notable how the media shaped public perception. The Telegraph’s report implied a cause-and-effect relationship without sufficient verification, a reminder that in the digital age, reputational damage can occur long before technical truths surface. TCS’s swift regulatory filing, intended to protect investor confidence, reflects how seriously corporations treat misinformation in cybersecurity reporting.
Cybersecurity as a Corporate Weak Link
From a technical standpoint, the M&S case highlights the vulnerabilities of large retail chains that depend heavily on vendor ecosystems. Attackers today often exploit human or systemic weaknesses in outsourced networks—targeting service desks, third-party credentials, or helpdesk impersonations (a tactic recently used by groups like Scattered Spider).
Even when a vendor is not directly responsible for a breach, their association can still amplify reputational risks. This is precisely what happened to TCS: a reputational aftershock triggered by proximity rather than fault.
Strategic Lessons for Retailers
For corporations like M&S, this event is a costly lesson in vendor management and public communication. In the aftermath of cyber incidents, clarity of responsibility must be established early. Transparency with customers and shareholders—without pointing fingers prematurely—is key to maintaining trust.
The Bigger Picture
Globally, retail cybersecurity is becoming a boardroom issue, not just an IT concern. The convergence of payment systems, supply chains, and customer data creates a perfect storm for hackers seeking financial gain. Even giants like M&S, with decades of brand trust, are discovering that one cyber event can trigger both operational and reputational crises.
TCS’s Reputation and Global Context
For TCS, the denial is not just about defending one contract. It’s about protecting its position as one of the world’s most trusted IT service providers. The company’s response aligns with a global trend among major IT firms to proactively counter misinformation before it erodes client confidence.
In essence, the TCS-M&S controversy underscores how digital relationships are now inseparable from public perception. Every supplier, no matter how peripheral, can become a potential scapegoat in the aftermath of a cyber disaster. The takeaway for corporations is clear: cybersecurity accountability must be embedded into contracts, communication strategies, and crisis response plans.
🔍 Fact Checker Results
✅ TCS confirmed it lost the service desk bid before the April 2025 cyberattack.
✅ TCS’s investigation found no link between its systems and the breach.
❌ The claim that M&S “ditched” TCS because of the attack is inaccurate.
📊 Prediction
🧠 As corporate networks become increasingly interconnected, future cyber incidents are likely to trigger more public blame disputes between vendors and clients.
🔐 Retailers like M&S will invest heavily in in-house cybersecurity teams and clearer vendor accountability clauses.
💬 Expect regulators to tighten disclosure standards for cyberattack reporting, reducing room for speculation in future incidents.
🕵️📝✔️Let’s dive deep and fact‑check.
References:
Reported By: www.infosecurity-magazine.com
Extra Source Hub (Possible Sources for article):
https://www.github.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
Bing
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon




