Tata Consultancy Services’ (TCS) independent director Keki Mistry on Thursday told its shareholders that no TCS systems or users were compromised in a cyberattack on one of its clients.
“As no TCS systems or users were compromised, none of our other customers are impacted,” said Keki Mistry, independent director of TCS, at the annual shareholder meeting, as reported by the news agency Reuters on Thursday, 19 June.
Marks & Spencer (M&S), one of TCS’ decade-long clients, was a victim of a cyberattack, which raised concerns among shareholders about how much TCS, India’s largest IT company, was affected by it.
“The purview of the investigation (of Marks & Spencer) does not include TCS,” Mistry was quoted as saying in the report.
Marks & Spencer cyberattack
According to a BBC report, a group of English-speaking hackers used the illicit service known as DragonForce to carry out the cyber attack on the fashion retail giant Marks & Spencer.
According to the report, Dragonforce operates as a cybercrime service for people to use in exchange for a fee. This service gives people access to malicious software to carry out cyberattacks and demand extortion.
In an email to the news portal, DragonForce claimed responsibility for the cyberattack and demanded payment from the company. The email was sent through the account of an employee working at TCS.
The news portal’s report also confirmed that Marks & Spencer’s head, Stuart Machin, said the hackers got in through “social engineering” as they pretended to be someone trustworthy and tricked the employee into giving out passwords or login access.
Machin said that the attack was carried out through a third party which had access to M&S systems, according to the report.
TCS-M&S relations
The incident marked the first time TCS publicly responded to a cyberattack for a decade-long client, M&S.
However, Marks & Spencer did not respond to the agency’s queries. Livemint couldn’t independently verify the report.
In 2023, TCS reportedly bagged a $1 billion contract to modernise M&S’s technology needs to foster its supply chain and omnichannel sales and increase its online sales.
After the cyber attack, the IT firm is internally investigating the entry point of the cyber attack, as reported by The Financial Times. This incident also reportedly resulted in a loss of operating profit to the extent of nearly 300 million pounds ($403 million).
The cyber attack also disrupted the company’s online services, which can likely be revived by July 2025, according to the agency report.
