Tata Consultancy Services (TCS) has clarified that its systems and users were not affected in the recent cyberattack on Marks & Spencer (M&S), a popular British retail company.
This is the first official statement from TCS, one of India’s biggest IT companies, about the incident. The cyberattack, which was described as highly advanced and targeted, led to the theft of customer data from M&S and is expected to cause the retailer a loss of about $400 million (around ₹3,300 crore).
At a recent shareholder meeting, TCS board member Keki Mistry said that no TCS systems were involved in the breach. He confirmed, “None of our systems or users were compromised, and none of our other customers were affected.”
TCS has been working with M&S on technology projects and had signed a $1 billion contract with them in 2023 to upgrade their old systems and improve online shopping and supply chain operations.
M&S revealed the cyberattack in April, saying it had to pause online shopping because of the breach. While its physical stores are running normally, online sales in categories like fashion and home products have suffered.
The company expects online services to be disrupted until July as they slowly bring everything back online.
Some reports suggested that hackers might have entered M&S’s systems through third-party service providers, and a hacker group named DragonForce is believed to be behind the attack.
Though TCS was reportedly checking internally whether it could have been a possible entry point, it has now made it clear that its systems were not the cause.
