Cyberattack fallout infographic: M&S store with broken links to TCS, hacker impersonating executive; protective shields for verification and controls, with "Secure Outsourcing" warning banner over a partnership handshake.

British retailer Marks & Spencer terminated its helpdesk contract with Tata Consultancy Services (TCS) in July 2025, following a ₹3,200 crore cyberattack by Scattered Spider using social engineering to impersonate executives and reset passwords. The breach disrupted online operations and store supplies.

WinRAR CVE-2025-8088 vulnerabilityWinRAR CVE-2025-8088 vulnerability

TCS denies fault, stating the breach occurred in M&S's environment with no compromise in its network. Despite a decade-long partnership worth ₹8,300 crore, M&S was already seeking a new provider, and TCS continues managing data centers.

Cyberattack fallout infographic: M&S store with broken links to TCS, hacker impersonating executive; protective shields for verification and controls, with "Secure Outsourcing" warning banner over a partnership handshake.Cyberattack fallout infographic: M&S store with broken links to TCS, hacker impersonating executive; protective shields for verification and controls, with "Secure Outsourcing" warning banner over a partnership handshake.

This highlights outsourcing risks in cybersecurity—companies should enhance verification, controls, and vendor accountability to prevent similar incidents.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security