Committee publication · Correspondence · 26 September 2025
Letter to Tata Consultancy Services relating to cyber attacks in the United Kingdom, 26 September 2025
From: Business and Trade Sub-Committee on Economic Security, Arms and Export Controls
Inquiry: UK economic security
Summary
The Business and Trade Committee Chair writes to Tata Consultancy Services (TCS) seeking urgent information about TCS's involvement in cyber attacks affecting Jaguar Land Rover (since 31 August 2025), M&S, and Co-op (April 2025). The letter requests details on TCS's service provider roles, investigation status, UK client numbers, contract values, and presence across 13 government-designated Critical National Infrastructure sectors, with response required by 29 September 2025.
Key findings
- BBC reported M&S cyber attack was triggered by a ransomware email sent using an alleged TCS employee account
- TCS has been conducting an investigation into M&S incident in tandem with M&S, per Financial Times reporting
- Three major UK companies affected by cyber incidents potentially linked to TCS: Jaguar Land Rover, M&S, and Co-op
- Committee seeks clarity on TCS's service scope, investigation status for each incident, and extent of UK operations across critical national infrastructure
Tone
ProceduralTopics
Key actors
Krithi Krithivasan, Tata Consultancy Services, Jaguar Land Rover, M&S, Co-op, Business and Trade Committee
Notable line
“… the M&S cyber attack was triggered by an alleged ransomware email that was "sent apparently using the account of an employee from [TCS]." I also note reporting …”
Key Quotes
“It has been reported by the BBC that the M&S cyber attack was triggered by an alleged ransomware email that was "sent apparently using the account of an employee from [TCS]."”
“A response is requested to this letter as soon as possible, owing to the urgency of the ongoing incident, and no later than 29 September.”
Source · parliament.uk record ↗