Yazılar

India’s TCS Confirms No Systems Compromised in Marks & Spencer Cyberattack

/in /tarafından

Tata Consultancy Services (TCS) stated that none of its systems or users were compromised in the recent cyberattack affecting British retailer Marks & Spencer (M&S), a client of over ten years.

At its annual shareholder meeting, independent director Keki Mistry said, “As no TCS systems or users were compromised, none of our other customers are impacted.” He added that the ongoing investigation into the M&S breach does not involve TCS systems.

This marks the first public comment from India’s largest IT services firm on the cyberattack. M&S did not immediately respond to requests for comment.

TCS provides technology services to M&S and secured a $1 billion contract in early 2023 to modernize the retailer’s legacy technology, focusing on supply chain and omnichannel sales improvements.

The cyberattack, disclosed by M&S in April, is described as “highly sophisticated and targeted.” It is expected to cost M&S approximately £300 million ($403 million) in lost operating profit, with online service disruptions anticipated until July.

Last month, the Financial Times reported that TCS was internally investigating whether its systems were used as a gateway for the cyberattack.

Mistry chaired the shareholder meeting, while Tata Group Chairman N Chandrasekaran was absent due to urgent matters related to a recent Air India plane crash in Ahmedabad, which killed 241 of the 242 passengers onboard.

UBS and Pictet Report Data Leak Following Cyber Attack on Service Provider; Client Data Safe

/in /tarafından

Swiss banks UBS and Pictet disclosed on Wednesday that they were affected by a data leak caused by a cyber attack on their Swiss-based service provider, Chain IQ. Despite the breach, neither bank reported any compromise of client information.

According to Swiss newspaper Le Temps, tens of thousands of UBS employees’ data, including contact details and a direct internal line to UBS CEO Sergio Ermotti, were stolen. Chain IQ, headquartered in Baar, provides services to major firms including KPMG and Mizuho.

UBS confirmed that the incident involved stolen information related to the bank and other companies, emphasizing that no client data was affected. The bank said it responded quickly to mitigate operational impacts.

Chain IQ revealed that the cyber attack targeted it and 19 other companies, with some data published on the darknet. The firm stated that countermeasures were immediately implemented to contain the situation but declined to comment on ransom demands or communications with attackers due to ongoing investigations.

KPMG, listed as a Chain IQ client, said its infrastructure remained unaffected but enhanced its security protocols in response to the breach.

Pictet reported that only invoice-related information involving some of its suppliers, such as technology providers and consultants, was stolen. The private bank reassured that client data remained secure and stressed the importance of strict controls to prevent unauthorized access.

Swiss financial regulator Finma is overseeing the case according to standard procedures.

Cybersecurity expert Ilia Kolochenko of ImmuniWeb warned that breaches at third-party vendors pose a significant risk even to top financial institutions, potentially affecting the long-term trust in Swiss banking.

Suspected Russian Hackers Use Sophisticated New Tactic to Target UK Researcher

/in /tarafından

Suspected Russian hackers deployed a novel and highly convincing tactic to trick British researcher Keir Giles into compromising his own accounts, according to Giles and cybersecurity experts.

Last month, the hackers impersonated a U.S. State Department official named “Claudie Weber” who contacted Giles via email to arrange a meeting requiring use of a secure government app. Although the email came from a Gmail address, the communication was fluent, idiomatic, and included apparent State Department colleagues copied on the exchange. Giles, a seasoned expert on Russia and espionage, was usually wary but was eventually deceived by the professionalism and persistence over nearly two weeks.

Giles provided an app-specific password—a credential that grants third-party app access but can bypass regular password protections—thus exposing his account.

Alphabet’s Google attributed the attack to the Russian government, citing similarities to prior campaigns. The Russian Foreign Ministry did not respond to inquiries. Giles described the operation as seamless, with no obvious red flags even in hindsight.

Cybersecurity researchers from Citizen Lab noted the attack’s fluency might indicate the use of advanced AI, such as large language models, to craft convincing messages—marking a significant upgrade from typical error-ridden phishing attempts. They also pointed out that the hackers exploited the lack of error messages when sending emails to fake State Department addresses.

This sophisticated social engineering attack highlights evolving cyber threats where even cautious experts can be deceived by carefully orchestrated campaigns.

The U.S. State Department did not immediately comment on the incident.