- TCS says none of its systems or users were affected by brands and spencer -attack
- M&S was hit by a larger cyberattack earlier in 2025
- TCS promised a study but has so far offered little information
The third -party provider, which many have blamed for the great cyber attack against Marks and Spencer (M&S), has revealed its first conclusions of an internal investigation into his role in the incident.
Tata Consultancy Services (TCS) has said none of its “systems or users were compromised” as part of Cyberattack.
“Since no TCS systems or users were compromised, none of our other customers are affected” Independent director Keki Mistry told his annual shareholder meeting, Pakinomist Reports.
Tcs -role and study
M&S was apparently hit by the attack on April 22 and revealed news about the incident several days later.
After an initial probe, experts suggested that attackers were able to break into their systems by compromising workers at TCS, who have provided third -party services to M&S for over a decade on Sparks, the retailer’s customer rewarding scheme.
In 2023, TCS also reportedly secured a $ 1 billion contract to modernize M&S’s Legacy technology across its supply chain and Omni-channel sales with the aim of increasing online sales.
TCS, part of the massive Tata group conglomerate, was reported to conduct a full investigation, but has been quiet until this unexpected (and short) publicity.
M&S has predicted that the attack could cost it around £ 300 million in lost operating profit in its financial year.
It was recently revealed that the hackers contacted M&S CEO Stuart Machin in a mocking E -mail the day after the attack and demanded payment for the attack.
This E email was sent from the Dragonforce Hacking Collective, which performs such attacks in return for payment or reward from other parties in exchange for a reduction of ransom.
M&S has not confirmed if it paid a ransom to the hackers, but admitted that some customer data was stolen in the attack. This did not include passwords or card or payment information, but home address, phone numbers and birth dates may have been affected.
Anyone who related to their data may have been taken, we recommend using a dark web surveillance service or using a violation monitor that I have been pwned to check for potential exposures.
TCS has not yet answered a Techradar Pro request for Comment.
