British multinational retailer Marks & Spencer (M&S) has ended its contract with Tata Consultancy Services (TCS) to run the company’s IT service desk. The move comes months after the Indian IT service provider was investigated following a cyberattack on the UK retailer.
The company, however, continues to use TCS for other technology and IT services. Meanwhile, TCS has also dismissed the cyberattack as the reason for the service termination, saying both matters are “unrelated,” according to the Financial Times.
Marks & Spencer ends TCS IT service desk contract
TCS has been providing services to M&S for more than a decade and is the largest subsidiary of Tata Sons. The IT service desk contract officially ended in July, according to M&S. “TCS provides a number of technology and IT services for M&S, and we value our partnership with the TCS team,” the UK-based retailer said in a statement, according to FT.
“Regarding the IT service desk contract specifically, as is usual process, we went to market to test for the most suitable product available, ran a thorough process and instructed a new provider this summer. This process started in January and this change has no bearing on our wider TCS relationship,” it statement added.
According to sources familiar with the matter, M&S began the process to renew TCS’s contract back in January 2025. This was months before the cyberattack. The retailer, however, decided to proceed with another service provider after completing the process.
TCS stated that the termination of the IT service desk contract and the cyberattack were “clearly unrelated,” FT reported. “The retailer had followed a regular competitive procurement process initiated in January and chose another service provider much prior to the cyber incident in April,” TCS said in a statement.
The clarification comes after a report from The Telegraph, which stated that M&S did not renew a $1 billion contract with TCS due to the cyberattack. In response, TCS slammed the report as “misleading” and clarified that the service desk contract represents only a small part of its overall engagement with M&S.
Responding to questions from Liam Byrne, chair of the House of Commons Business and Trade Select Committee, TCS confirmed that its network had no signs of compromise for M&S, Jaguar Land Rover, or any other clients. The company said it provides services to 211 UK-based clients, including those in the finance, energy, water, and nuclear sectors.
What was the cyberattack case in April 2025
In April 2025, M&S was hit by a cyberattack that forced it to pause online orders and left it with empty shelves in several stores. The attack is expected to reduce the retailer’s operating profits by up to £300 million this year, according to the reports.
The Mumbai-based TCS conducted an internal investigation in June 2025, and later, the company successfully cleared itself of being the source of the breach. M&S Chair Archie Norman later told MPs that hackers had used “sophisticated impersonation” to gain access, “involving a third party.”
