Mon Oct 27 10:20:00 UTC 2025
Summary:
Marks & Spencer (M&S) has ended its long-standing IT partnership with Tata Consultancy Services (TCS) following a significant cyberattack earlier this year. The attack, which cost M&S an estimated £300 million, began with social engineering that targeted TCS helpdesk staff, leading to compromised credentials and access to M&S systems. While TCS maintains its systems were not breached and that it doesn’t provide cybersecurity services to M&S, the incident has raised serious questions about vendor risk management, client trust, and the vulnerabilities inherent in complex outsourcing ecosystems. Analysts say the attack cost Marks & Spencer £300 million in lost operating profit for the year and wiped over £1 billion off its market cap. The contract between M&S and TCS will not be renewed. The incident highlights the increasing cyber risks faced by retailers with multiple third-party contractors and elevated access levels, and how social engineering can bypass traditional security measures.
News Article:
M&S Dumps TCS After Costly Cyberattack
London, UK – Marks & Spencer (M&S) has severed ties with Indian IT giant Tata Consultancy Services (TCS) following a devastating cyberattack earlier this year. The breach, which is estimated to have cost the British retailer £300 million, has ignited a firestorm of concerns about vendor security and data protection in the retail sector.
The cyberattack, which forced M&S to suspend its online operations and impacted its supply chain, is believed to have originated from a social engineering scheme targeting TCS helpdesk employees. Hackers impersonated employees, tricking TCS staff into revealing login credentials and resetting passwords, and ultimately used these to access M&S systems. The attacker group, identified as Scattered Spider, exploited a vendor route rather than simply breaking into M&S’s perimeter. After gaining initial access, Scattered Spider used a ransomware-as-a-service provider called DragonForce to carry out the attack. The attack involved double extortion, where the hackers stole a copy of M&S’s data before scrambling it. They then demanded a ransom both to decrypt the data and to refrain from leaking the stolen information.
TCS has faced scrutiny for its role in the incident. It has publicly maintained that none of its systems or users were compromised, that the breach occurred in the client’s environment, and that it doesn’t provide cybersecurity services to M&S. M&S engaged TCS as its technology partner for more than a decade, including a major outsourcing renewal in 2023 aimed at digitising the retailer’s supply-chain, omnichannel and store systems.
Analysts estimate as much as £300 million in lost operating profit for the year, and over £1 billion wiped off market cap.
The fallout highlights the growing vulnerability of retailers relying on complex webs of third-party vendors. Experts warn that help desks are increasingly being targeted by hackers, who exploit human error through social engineering tactics to gain access to sensitive systems.
While M&S insists that the decision to terminate its technology helpdesk and support contract with TCS was made months before the attack and is unrelated, the timing has raised eyebrows across the industry. M&S confirmed the contract would not be renewed, saying that the competitive procurement process had begun in January, months before the attack. The retailer says TCS remains a strategic partner for other technology services.
The incident serves as a stark reminder for retailers to strengthen their vendor risk management practices and prioritize cybersecurity measures, especially when working with third-party providers who have access to their systems. For TCS and other large outsourcers, the message is inescapable: your clients’ cyber-resilience is also your reputational resilience.