Tata Consultancy Services Ltd is testing a set of standardised cybersecurity measures for its largest customers as it looks to limit the impact of cyberattacks similar to the one that recently hit Jaguar Land Rover (JLR), a key client of the IT major. The prolonged breach at the luxury carmaker is estimated to result in losses of up to $1 billion, a Mint report said on Friday.
The cyber incident disrupted vehicle production, led to the exposure of employee data, and has triggered regulatory scrutiny and the risk of legal action against JLR, according to Mint.
To prevent similar fallout for other clients, India's largest IT services company is piloting fixed cybersecurity response frameworks. As reported by Mint, TCS is forming six specialised teams, with a combined strength of about 150 professionals, to run these pilots and test predefined procedures to reduce damage during cyber incidents.
The measures being tested include video-based verification of employees responsible for critical IT support, the use of artificial intelligence tools to monitor hacker movement within systems, and the deployment of additional cybersecurity layers to strengthen network protection, Mint cited people familiar with the developments as saying.
Once validated, the results of these pilots will be showcased to clients and integrated into their IT environments, one of the executives told Mint. TCS did not respond to queries sent by Mint on Wednesday.
The pilots follow a cyberattack on JLR in August that forced a halt in manufacturing operations and compromised personal data of employees and contractors. Mint noted that the incident also caused reputational damage to the Tata Group, as TCS manages JLR's back-end IT systems and both companies are part of the same conglomerate.
JLR confirmed the data leak to Mint, stating that it is in touch with affected individuals and regulators. "From the ongoing forensic investigation, JLR believes that certain data related to current and former JLR employees and contractors was affected by the cyber incident," a company spokesperson told Mint, adding that the carmaker remains engaged with regulators and is reaching out to those impacted.
Mint reported that JLR has also arranged credit access and a dedicated helpline for affected employees and vendors.
TCS had signed a five-year IT transformation deal with JLR in September 2023, valued at $1 billion. The contract covers back-end IT operations, cloud migration, cybersecurity, data services, and application development, Mint noted.
The cyberattack disrupted vehicle production, repairs, and maintenance at several JLR facilities and prompted close oversight from senior Tata Group leadership. Mint reported that the situation was reviewed by TCS chief operating officer Aarthi Subramaniam, along with Tata Sons chief digital officer Aparna Ganesh and Sudeep Mazumdar, vice-president and manufacturing head for TCS UK and Ireland. Weekly updates were provided to Tata Sons chairman Natarajan Chandrasekaran.
TCS chief executive P.B. Balaji acknowledged the financial impact on JLR following the production stoppage. During a post-earnings media briefing, Balaji said the company had booked an exceptional loss of $150 million due to vehicles not being produced during the affected period, Mint reported. He added that further recovery would depend on how quickly production could be ramped up.
For the Mumbai-based IT firm, the JLR episode marked the third cyber incident involving its clients in a year, following attacks on British retailers Marks & Spencer and Co-operative Group Ltd, Mint noted. As with the M&S breach, the JLR attack originated through IT vendors, though TCS management denied that its own systems were the entry point.
Mint also reported that TCS engaged cybersecurity firms Unit 42 of Palo Alto Networks, Google Mandiant, and Fenix24 to respond to the attack and support data recovery efforts.
Saket Modi, co-founder and chief executive of cyber risk quantification firm Safe Security, told Mint that such breaches can lead to class action lawsuits, regulatory penalties, and long-term reputational damage. Modi estimates the overall cost of the JLR fallout at around $1.5 billion, Mint reported.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
