Tata Consultancy Services Says Cyberattack Only Affected Marks and Spencer and Not Other Customers or Systems 

• Tata Consultancy Services said the cyberattack that led to the Marks and Spencer data theft did not affect other company clients.
• Allegedly, the company systems were not compromised in the recent cybersecurity incident. 
• While the DragonForce threat actor claimed the attack last month, no other details on how only M&S was impacted surfaced.

Tata Consultancy Services (TCS), India’s leading IT services company, recently confirmed that its systems and users were not compromised in the cyberattack that affected British retailer Marks & Spencer (M&S). 

The statement was made at TCS's annual shareholder meeting, where independent director Keki Mistry assured stakeholders that no other TCS clients were impacted as the company’s systems remained secure. 

"As no TCS systems or users were compromised, none of our other customers are impacted," Mistry said, according to Reuters.

This clarification comes amidst queries about potential vulnerabilities following M&S's acknowledgment of a “highly sophisticated and targeted” cyberattack earlier this year via a third-party provider with privileged access to the company’s systems. 

Mistry emphasized that the investigation into the M&S breach did not implicate TCS or its operations. This marks the first time TCS publicly addressed its position in relation to the incident as it continues internal reviews to ensure comprehensive security protocols.

The data breach, which disrupted M&S’s online services and resulted in an estimated $403 million in operating profit losses, was previously rumored to have involved TCS systems. 

TCS had secured a $1 billion technology modernization contract with M&S in early 2023, focusing on upgrading legacy systems, supply chains, and omnichannel sales.

The breach was attributed to a group identifying as DragonForce, which in April announced the takeover of the infamous RansomHub ransomware.