Buzzapp Master 
(Image credit: Shutterstock)
Marks & Spencer suffered a cyber-incident in April 2025Reports claimed the attack was the work of ScatteredSpiderTata Consultancy Services is investigating if the attack came from its networkTata Consultancy Services (TCS), an Indian IT company and part of the massive Tata Group conglomerate, is currently investigating whether the recent cyberattack on Marks & Spencer (M&S) originated from its infrastructure.
In late April 2025, M&S confirmed suffering a “cyber incident” which affected its stores and resulted in changes to store operations.
Later reports said the company had to take some of its systems and processes offline, and was forced to disable contactless and Click and Collect services in stores, since the incident was, in fact, a ransomware attack. Online orders were also halted. The disruption persisted for weeks, M&S’ market capitalization dropped by £1 billion, and customer data was allegedly stolen by the actors.
Targeting TataIt had been reported the group known as Scattered Spider was behind the ordeal
Now, BBC News reports TCS, which has been servicing M&S for more than a decade, is investigating whether it was the stepping stone to the attack. Right now, both parties are staying silent, but the investigation should wrap up before June 2025.
TCS is part of the large Indian conglomerate Tata Group, which counts more than 100 companies across a wide range of industries. As such, it is a major target for all sorts of cybercriminals, and roughly two years ago, Hive Ransomware struck Tata Power, India’s largest integrated power company. Early this year, Tata Technologies, a global engineering services provider was also attacked.
The attack is reportedly the work of Scattered Spider, a ransomware organization usually targeting UK retailers, financial institutions, technology firms, and entertainment/gambling organizations. The group is not as tightly-knit as organizations such as LockBit or Cl0p.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
It is relatively loose, and operates within a larger hacking community known as “the Com”. Its members engage in all kinds of attacks, from social engineering and SIM swapping, to ransomware.
We have reached out to TCS for comment and will update the article if we hear back.
Via BBC
You might also likeMarks & Spencer outage allegedly linked to ScatteredSpider ransomware attackTake a look at our guide to the best authenticator appWe’ve rounded up the best password managers
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
GIPHY App Key not set. Please check settings