TCS under scanner amid growing cybersecurity pressures after M&S breach

India’s tech giant Tata Consultancy Services (TCS) has launched an internal probe to assess whether vulnerabilities within its systems played a role in the cyberattack that recently hit British retailer Marks & Spencer (M&S), according to a report by the Financial Times. The move marks a critical moment not just for TCS, but for the broader conversation around third-party cybersecurity risks in global outsourcing partnerships.

TCS, which has been a longstanding IT services provider for M&S for over a decade, is reportedly aiming to conclude its investigation by the end of this month. The probe’s findings could have far-reaching implications for how companies evaluate their vendor ecosystems in an era where cyberattacks increasingly exploit third-party access points.

The breach, first disclosed by M&S in April, has already dealt a significant blow to the UK retailer, with estimated losses of £300 million ($404.9 million) in operating profit. The attack also disrupted online operations—a key revenue stream for M&S with full restoration not expected until July.

Neither TCS nor M&S has issued an official statement confirming the link or details, while Reuters reported that both companies declined immediate comment.

The incident highlights the rising scrutiny on IT service providers and the growing accountability they face as cyber threats evolve. With large enterprises relying heavily on outsourced digital infrastructure, even trusted, long-term partners are being reevaluated under a new cybersecurity lens.

As TCS works to identify any potential lapse, the episode raises broader industry questions about the resilience of managed service partnerships and whether companies are adequately prepared to detect, respond to, and recover from breaches originating within their extended digital supply chains.

Read More: Global outage hits Elon Musk’s X; Engineering team cites data center issue