Tata Consultancy Services has publicly denied that any of its systems were compromised in the cyber attack that disrupted Marks & Spencer operations and led to customer data theft at the British retailer.

"As no TCS systems or users were compromised, none of our other customers are impacted," independent director Keki Mistry told the company's annual shareholder meeting on Thursday. "The purview of the investigation does not include TCS."

This marks the first time India's largest IT services company has publicly commented on the cyber hack that has cost M&S an estimated £300 million in lost operating profit this year.

TCS has been a technology services provider for the British retailer for more than a decade and won a $1 billion contract in early 2023 to modernise M&S's legacy technology systems, particularly around supply chain and omni-channel sales operations.

The Financial Times had previously reported that TCS was internally investigating whether it served as the gateway for the cyber attack, which M&S described as "highly sophisticated and targeted."

Mistry presided as chairman at the annual shareholder meeting as Tata Group chairman N Chandrasekaran was absent due to "exigencies," following last week's Air India plane crash in Ahmedabad that killed all but one of the 242 people on board.

The cyber attack began over the Easter weekend and forced M&S to shut down its online operations for six weeks, with the retailer only partially resuming internet orders on Tuesday. The disruption affected fashion sales specifically, with beauty and homeware services still unavailable.

M&S has faced significant challenges in restoring normal operations, with customers reporting stock shortages and delivery delays of up to 10 days. Data firm GlobalData estimates the retailer lost up to £130 million in online clothing sales during the website downtime.

"I attempted to order some jeans last night, but by the time I finished adding things to my basket, my size was gone," said customer Kirsten Jones. "Stock is pretty low, I think I'm just going to wait until business is back to normal."

The attack's timing proved particularly costly as it occurred too late for M&S to cancel spring and summer clothing orders with suppliers. Retail analysts warn that full normalisation of services may not occur until August.

The incident has also involved the theft of personal information relating to thousands of M&S customers, adding to the retailer's recovery challenges.

---