Marks & Spencer Ends TCS Partnership Following £300 Million Cyberattack Fallout — Despite Claims Move Was Pre-Planned

Marks & Spencer (M&S) has officially ended its long-standing technology helpdesk partnership with Indian IT giant Tata Consultancy Services (TCS), months after a major cyberattack cost the British retailer an estimated £300 million and temporarily crippled its online operations.

While the timing of the contract termination has drawn attention, both M&S and TCS maintain that the decision to part ways was made months before the attack and was not connected to the breach.


The Cyberattack That Shook M&S

The cyberattack, which struck earlier this year, was attributed to the Scattered Spider group — a well-known cybercrime outfit that has targeted global corporations using advanced social engineering tactics.

The hackers reportedly posed as senior M&S executives, calling the company’s IT helpdesk to manipulate staff into resetting passwords and granting access to secure systems.

This deception allowed attackers to infiltrate M&S’s internal network, leading to weeks of retail disruption, empty store shelves, and a temporary shutdown of online sales.

Archie Norman, M&S Chair, later described the event to UK MPs as a “sophisticated impersonation attack involving a third party.” That statement brought TCS under scrutiny, as its employees operated the retailer’s IT support lines and had authority to approve sensitive password resets.


TCS Investigation Clears Its Network

Following the incident, TCS conducted an internal investigation, concluding that its systems had not been breached.

“We found no indicators of compromise within the TCS network,” the company said, emphasizing that weaknesses in “the client’s own environment” were to blame.

TCS also clarified that it did not provide cybersecurity services to M&S — its role was limited to managing IT support, data centers, and cloud infrastructure.

However, cybersecurity experts warned that outsourcing critical IT functions can introduce risk.

“It’s easy to abuse and easy for an operator to make a human error,” said independent expert Kevin Beaumont. “Even small missteps on a helpdesk can grant attackers the keys to a corporate kingdom.”


Contract End Sparks Scrutiny

According to The Telegraph, M&S officially terminated the TCS helpdesk contract in July 2025, roughly three months after the cyberattack.

However, M&S insists that the move was not reactionary, claiming that a review of IT partners had begun in January, long before the breach.

“As is usual business practice, we went to market to test for the most suitable product available,” an M&S spokesperson said. “The decision has no bearing on our wider relationship with TCS.”

TCS echoed that sentiment, noting that the bidding process for the helpdesk contract started months before the incident.

“TCS does not provide cybersecurity services to Marks & Spencer. This service is handled by another partner,” a company representative said. “TCS continues to work as a strategic partner with M&S on numerous other projects.”


A Decade-Long Partnership

The relationship between M&S and TCS spans over a decade. The pair signed a renewed deal two years ago focused on modernising M&S’s technology systems, with TCS continuing to manage key infrastructure areas like data centers and cloud operations.

Despite the helpdesk contract ending, both companies reaffirmed their ongoing collaboration on other technology initiatives.


Broader Cybersecurity Challenges in the UK

The M&S incident is part of a wider trend of cyberattacks sweeping through UK enterprises in 2025.

  • Jaguar Land Rover suffered a cyber incident in August that disrupted its production and supply chains.

  • Dior confirmed a breach in May affecting customer data from its Fashion and Accessories division.

  • Around the same time, Co-op and Harrods faced similar cyber incidents, though they recovered more swiftly than M&S.

Experts say these incidents reflect a heightened threat landscape, where social engineering and supply-chain attacks are increasingly common.

“Human-based attacks are proving more effective than traditional hacking,” one analyst noted. “Even the most advanced systems can be undone by a single misplaced trust.”


Looking Ahead

While M&S and TCS downplay any link between the cyberattack and their contract split, the timing inevitably invites speculation. For M&S, the decision marks a reset in its IT operations, as it seeks to rebuild trust and resilience following one of the most disruptive cyber incidents in UK retail history.

For TCS, the case serves as a reminder of the reputational risks global IT providers face when clients fall victim to sophisticated cyberattacks — even when they’re not directly responsible.

As UK businesses continue to strengthen their defenses, the M&S breach underscores a sobering reality: in the modern digital economy, security is only as strong as the weakest link in the chain.