TCS Investigates M&S Cyberattack Origin

An investigation is underway to determine if a recent cyberattack on Marks & Spencer originated from the network of Tata Consultancy Services (TCS). TCS, an Indian IT company that provides services to M&S, is part of the large Tata Group conglomerate.

Marks & Spencer confirmed in late April 2025 that it had suffered a cyber incident. This incident affected operations in its stores. The company reportedly had to take some systems offline, leading to disruptions in services such as contactless payments and Click and Collect. Online orders were also halted. The disruption continued for several weeks. Following the incident, M&S’s market value dropped by £1 billion. It is also alleged that customer data was stolen by those responsible for the attack.

Reports indicated that the group known as Scattered Spider was behind the cyberattack. Scattered Spider is a ransomware organization that typically targets retailers, financial firms, technology companies, and entertainment/gambling organizations in the UK. The group is described as relatively loose and operates within a wider hacking community. Its members are known to use methods including social engineering, SIM swapping, and ransomware.

The investigation by TCS is expected to be completed before June 2025. The Tata Group, of which TCS is a part, is a significant target for cybercriminals, with other parts of the conglomerate having faced attacks in the past.