Marks & Spencer (M&S) has ended its contract with Indian technology outsourcing company Tata Consultancy Services (TCS) following the major cyberattack on the retailer earlier this year, which disrupted operations and caused estimated losses of £300 million.
The British retailer terminated the deal in July, just months after the attack forced it to shut down online sales for several weeks and left many stores struggling with empty shelves. TCS had operated M&S’s technology helpdesk for over a decade. While the Indian firm denied responsibility for the attack, the timing of the contract termination has prompted questions about the retailer’s future cybersecurity strategy.
Cyberattack and Investigation
The attack, attributed to a hacking group known as Scattered Spider, reportedly began through “social engineering”, a tactic that manipulates individuals into revealing sensitive information. In this case, hackers are believed to have called the technology helpdesk, impersonated senior executives, and requested password resets, gaining unauthorized access to M&S’s internal systems.
M&S Chairman Archie Norman told members of Parliament in July that the attackers used “sophisticated impersonation” involving a third-party service. Following the breach, TCS launched an internal investigation to determine whether its helpdesk systems were exploited. The company later stated it found “no indicators of compromise” within its own network and maintained that the breach occurred within M&S’s internal environment.
Despite TCS’s denial, the attack raised concerns among cybersecurity experts and industry observers about potential vulnerabilities in outsourced IT operations.
Cybersecurity and Outsourcing Risks
TCS is one of India’s largest IT services providers, working with numerous UK financial institutions and infrastructure companies. Many UK businesses outsource IT functions to Indian firms to reduce operational costs. However, cybersecurity specialists have cautioned that outsourcing key functions like helpdesk services can create weak points for attackers to exploit.
Kevin Beaumont, a cybersecurity researcher, noted that helpdesk teams often handle multiple clients and follow rigid scripts. “It’s easy to abuse and easy for an operator to make a human error,” he said. Such errors, even unintentional, can provide an entry point for sophisticated hackers to access critical systems, as seen in the M&S case.
In recent years, companies have faced growing threats from groups using social engineering tactics to target employees and third-party service providers. The M&S attack highlights how these attacks can bypass traditional security controls and cause significant financial and reputational damage.
Contract Termination and Future Strategy
M&S confirmed that it had initiated the search for a new technology helpdesk provider in January, before the attack occurred. A company spokesperson stated, “As is usual process, we went to market to test for the most suitable product available, ran a thorough process, and instructed a new provider this summer.” The spokesperson emphasized that the decision “has no bearing on our wider TCS relationship.”
TCS also clarified that the helpdesk contract decision was unrelated to the attack, adding that it does not provide cybersecurity services to M&S. “TCS continues to work on numerous other areas of engagement in its role as a strategic partner for M&S,” the company said.
As part of its broader technology modernization program, TCS had been working with M&S to simplify systems, manage data centers, and oversee cloud operations. Despite the loss of the helpdesk contract, the two companies continue to collaborate on several ongoing technology initiatives.
Lessons for Businesses
The M&S attack underscores a critical challenge for modern enterprises: managing cybersecurity risks across complex supply chains. Outsourced IT services can increase efficiency but also widen the attack surface for cybercriminals. Experts recommend stronger vetting of vendors, continuous monitoring of third-party systems, and advanced employee training to combat social engineering threats.
For M&S, the attack has been a costly reminder of the importance of layered security and proactive risk management. As investigations continue, the retailer is expected to reinforce its internal controls and strengthen partnerships focused on cybersecurity resilience.
The attack serves as a wake-up call for organizations worldwide: as digital systems grow more interconnected, safeguarding them requires not only robust technology but also heightened awareness of human and third-party vulnerabilities.