Tata Consultancy Services (TCS) has issued a clarification in response to concerns following a cyberattack on one of its long-standing clients, Marks & Spencer (M&S). The company reassured stakeholders that no breach occurred in its own systems and that it is conducting an internal investigation regarding the third-party attack vector.
In an announcement made during its annual shareholder meeting on June 19, 2025, Tata Consultancy Services' independent director Keki Mistry stated that there was no security breach affecting TCS systems or users. “As no TCS systems or users were compromised, none of our other customers are impacted,” Mistry confirmed, as reported by Reuters.
This statement follows rising concern over a reported cyberattack on the UK fashion retail giant Marks & Spencer, with whom TCS has shared a business relationship for over a decade. The IT giant clarified that the current scope of M&S’s probe does not include any TCS infrastructure component.
According to a BBC report, the cyberattack on M&S was orchestrated through a technique known as “social engineering,” where attackers posed as trusted sources to deceive an employee into revealing sensitive login credentials. The cybercrime was reportedly executed through a toolset provided by an illicit service known as DragonForce.
DragonForce operates as a cybercrime-as-a-service platform, offering malicious software and other tools for a fee to carry out attacks and extortion campaigns. The group claimed responsibility for the attack, even sending an extortion email from what appeared to be the account of a TCS employee. However, TCS has strongly denied that any internal systems were used or affected in the attack.
Read More: TCS Introduces New Deployment Policy with Stricter Bench Rules!
Stuart Machin, CEO of Marks & Spencer, addressed the impact of the breach, stating that the attackers managed to infiltrate through a third party with authorised access to certain M&S systems. While Machin did not name TCS directly, media reports have indicated the involvement of individuals linked to TCS based on user accounts exploited during the social engineering attack.
The Financial Times noted that the incident led to a disruption of online services, representing a potential operating profit loss of nearly £300 million ($403 million). Recovery of full digital operation capabilities is expected to be completed by July 2025.
TCS and M&S share a long-standing IT partnership across various domains. In 2023, TCS secured a $1 billion contract aimed at transforming M&S’s technology strategy, including the development of omnichannel capabilities and modernisation of its supply chain infrastructure. This cyberattack marks the first incident during which TCS has publicly addressed security concerns surrounding a client-specific issue.
Despite the breach involving social engineering and a compromised third-party account, TCS reassured investors and customers that its core network and operational architecture remained secure. The clarification aimed to maintain transparency and reinforce the distinction between client-side incidents and service provider security reliability.
On June 20, 2025, Tata Consultancy Services Limited share price opened at ₹3425.00 on NSE, above the previous close of ₹3,424.00. During the day, it surged to ₹3,441.00 and dipped to ₹3,410.90. The stock is trading at ₹3,422.50 as of 11:23 AM. The stock registered a marginal decline of 0.04%.
TCS has firmly reiterated that none of its systems or users were breached in the cyberattack on Marks & Spencer. While the incident stemmed from a third-party access point and involved advanced social engineering tactics, TCS has taken a proactive approach by initiating internal investigations to ensure future incidents are better mitigated. The case underscores growing cybersecurity challenges in third-party collaborations and the importance of reinforcing every layer of digital trust.
Disclaimer: This blog has been written exclusively for educational purposes. The securities or companies mentioned are only examples and not recommendations. This does not constitute a personal recommendation or investment advice. It does not aim to influence any individual or entity to make investment decisions. Recipients should conduct their own research and assessments to form an independent opinion about investment decisions.
Investments in the securities market are subject to market risks. Read all the related documents carefully before investing.
Published on: Jun 20, 2025, 1:21 PM IST
Team Angel One
We're Live on WhatsApp! Join our channel for market insights & updates
Get the link to download the App
