Tata Consultancy Services (TCS) has renewed its multi-year strategic partnership with Marks & Spencer, reinforcing its position as the retailer’s key technology partner even amid recent cybersecurity challenges faced by M&S.
The extended engagement builds on a partnership spanning more than a decade, highlighting continued trust in TCS’s capabilities to drive large-scale digital transformation. Under the renewed agreement, TCS will support M&S in accelerating its evolution into a data-driven, omnichannel retailer powered by advanced technologies.
TCS will deploy artificial intelligence across critical operations, leveraging its vast AI talent pool and deep retail domain expertise. The initiative is designed to enhance customer experience, improve operational agility, and create a strong digital foundation for long-term growth.
Sacha Berendji, Operations Director at M&S, emphasized that technology transformation remains central to the company’s growth strategy. He noted that extending the partnership with TCS ensures access to advanced AI and digital capabilities required to scale innovation.
Krishnan Ramanujam, President of the Consumer Business Group at TCS, highlighted the significance of the collaboration, stating that TCS’s contextual knowledge of M&S’s business and its enterprise-scale AI capabilities will help deliver sustained value and future readiness.
The deal win is particularly notable as it comes despite cybersecurity-related disruptions at M&S, underlining TCS’s resilience and strong client relationships in navigating complex enterprise environments.
Marks & Spencer faced a major cybersecurity incident in 2025 that evolved into a full-scale ransomware attack, significantly disrupting operations and leading to substantial financial losses. External reports indicate that the attack was linked to a sophisticated cybercrime group that gained access through social engineering tactics, likely exploiting a third-party contractor rather than directly breaching core systems.
The breach resulted in the encryption of critical systems and the exfiltration of sensitive data, forcing M&S to temporarily shut down key digital services, including online ordering and parts of its supply chain infrastructure. This disruption affected both in-store and online operations, with inventory management systems reverting to manual processes, causing product shortages and delays across multiple locations.
The financial impact of the cyberattack has been considerable. Estimates from external sources suggest that M&S incurred losses of around £300 million due to lost sales, operational disruption, and recovery costs. The prolonged outage of its e-commerce platform, a major revenue channel, contributed significantly to this figure, alongside reduced store efficiency and additional spending on cybersecurity response, system restoration, and expert support. The incident also weighed on profitability, with earnings impacted during the affected quarters.
In addition to operational and financial damage, the attack involved unauthorized access to customer data, including personal details such as names, contact information, and order histories. However, the company maintained that payment card details and passwords were not compromised, limiting direct financial risk to customers.
The breach exposed critical gaps in third-party risk management and identity security, underscoring how human factors and vendor access can become primary entry points for advanced cyberattacks. In response, M&S has accelerated investments in cybersecurity, infrastructure modernization, and resilience frameworks to prevent similar incidents in the future.
RAJANI BABURAJAN
