- Marks & Spencer suffered a cyber-incident in April 2025
- Reports claimed the attack was the work of ScatteredSpider
- Tata Consultancy Services is investigating if the attack came from its network
Tata Consultancy Services (TCS), an Indian IT company and part of the massive Tata Group conglomerate, is currently investigating whether the recent cyberattack on Marks & Spencer (M&S) originated from its infrastructure.
In late April 2025, M&S confirmed suffering a “cyber incident” which affected its stores and resulted in changes to store operations.
Later reports said the company had to take some of its systems and processes offline, and was forced to disable contactless and Click and Collect services in stores, since the incident was, in fact, a ransomware attack. Online orders were also halted. The disruption persisted for weeks, M&S’ market capitalization dropped by £1 billion, and customer data was allegedly stolen by the actors.
Targeting Tata
It had been reported the group known as Scattered Spider was behind the ordeal
Now, BBC News reports TCS, which has been servicing M&S for more than a decade, is investigating whether it was the stepping stone to the attack. Right now, both parties are staying silent, but the investigation should wrap up before June 2025.
TCS is part of the large Indian conglomerate Tata Group, which counts more than 100 companies across a wide range of industries. As such, it is a major target for all sorts of cybercriminals, and roughly two years ago, Hive Ransomware struck Tata Power, India’s largest integrated power company. Early this year, Tata Technologies, a global engineering services provider was also attacked.
The attack is reportedly the work of Scattered Spider, a ransomware organization usually targeting UK retailers, financial institutions, technology firms, and entertainment/gambling organizations. The group is not as tightly-knit as organizations such as LockBit or Cl0p.
It is relatively loose, and operates within a larger hacking community known as “the Com”. Its members engage in all kinds of attacks, from social engineering and SIM swapping, to ransomware.
We have reached out to TCS for comment and will update the article if we hear back.
Via BBC
You might also like
- Marks & Spencer outage allegedly linked to ScatteredSpider ransomware attack
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
