Tata Consultancy Services (TCS), India’s largest IT firm, has issued a strong denial to a UK media report claiming that TCS lost the contract of $1 billion by British retailer Marks & Spencer (M&S) due to cyberattack failures.
According to NDTV, the company claimed the report to be “misleading” and “factually inaccurate.”
The IT giant clarified that the contract in question was a specific service desk agreement, which it stated to form as an insignificant part of its overall engagement with M&S. The company fully denied that the contract's non-renewal was connected to the cyber incident.
According to the TCS statement, M&S had initiated a “regular competitive RFP (request for proposal) process” for the service desk contract back in January 2025. The retailer's decision to select other partners was made much prior to the cyber incident in April 2025. “These matters are hence clearly unrelated," TCS stated clearly.
The original report had attempted to link the contract's conclusion to a costly cyberattack in April that is expected to cost M&S an estimated 300 million euros in lost operating profit.
TCS further distanced itself from the breach by confirming two crucial facts
TCS does not provide cybersecurity services to M&S. This service is managed by a different vendor.
After the incident, TCS conducted a full scan of its own networks and systems, concluding that no vulnerabilities originated from its end.
M&S itself verified the IT firm’s account. In a separate statement, the retailer confirmed that the tender process for the service desk began in January and that the change has no bearing on their wider TCS relationship.
TCS concluded its filing by mentioning its ongoing relationship with the British retail giant. TCS continues to work on numerous other areas in its role as a strategic partner for M&S and is proud of its longstanding partnership.
