
Social engineering attacks are becoming the biggest cybersecurity challenge for global IT service providers like Tata Consultancy Services (TCS) and Cognizant. By manipulating employees, contractors, and vendors, hackers bypass technical defenses and infiltrate trusted systems. The result: ransomware, ransom demands sent from real corporate accounts, lawsuits from clients, and reputational fallout. With massive client footprints and privileged access, IT services firms are now high-value targets for cybercriminals. Defending against social engineering requires a layered strategy of vendor risk management, Zero Trust architecture, continuous awareness training, and advanced detection capabilities.

Social engineering attacks often bypass technical defenses by targeting people and trusted relationships.
Cybersecurity defenses have evolved over decades, but hackers have found a weak point that technology alone cannot fully protect—people. Social engineering attacks target human psychology, trust, and access privileges to gain control of enterprise systems.
Recent incidents involving TCS and Cognizant reveal how attackers are exploiting IT outsourcing relationships to launch sophisticated breaches. For Indian IT giants that manage critical systems for Fortune 500 companies, these breaches don’t just mean technical compromise—they mean global business risk, lawsuits, and reputational damage.

Third-party vendor access can become a hidden vulnerability for large enterprises.
Why are social engineering attacks so effective against IT service providers like TCS and Cognizant, and what can enterprises do to reduce this growing risk?
On April 23, 2025, UK retailer Marks & Spencer (M&S) was hit by a crippling ransomware attack. During the incident, CEO Stuart Machin received a profanity-laced ransom email, shockingly sent from a verified M&S corporate email address. But the sender was not an M&S insider; it was traced back to a contractor employed by TCS, the IT services provider for M&S.
This attack revealed the hidden vulnerability of outsourced IT services: contractors and vendor employees often hold privileged access to enterprise systems. Once compromised, attackers can operate under the guise of trusted insiders.
And this isn’t an isolated case. In the U.S., Clorox filed a lawsuit against Cognizant after a ransomware-linked breach allegedly tied to contractor misuse of access. These examples highlight how social engineering, coupled with third-party risk, is reshaping enterprise cybersecurity.
Social engineering attacks exploit human trust and organizational dependencies. Instead of directly breaking into a system, attackers manipulate insiders—employees, vendors, or contractors—who already have access.
**The mechanics often look like this:**
1. **Reconnaissance:** Hackers research contractors, employees, and vendor-client relationships using LinkedIn, breaches, or leaked credentials.
2. **Initial Contact:** Attackers send convincing phishing emails, phone calls, or even direct messages posing as legitimate stakeholders.
3. **Exploitation:** Once an insider is compromised, attackers leverage their real, privileged access to move laterally, send emails, or execute ransomware.
4. **Amplification:** Because the communication originates from trusted corporate accounts, ransom demands and malicious activities carry far more credibility.
Key methods used in recent attacks include:
Attackers are using both off-the-shelf and custom tools to enable these breaches:
**On the defensive side, organizations are responding with:**
The consequences for enterprises—and their IT vendors—are severe:
Third-party vendor access is emerging as one of the most dangerous vulnerabilities in enterprise security. For IT service providers like TCS and Cognizant, their trusted role in client ecosystems makes them especially attractive to attackers.
**Why Indian IT Firms Are Targeted:**
1. **Tighten Third-Party Access Controls**
Implement strict access policies, enforce least privilege, and continuously monitor vendor account activity. Zero Trust principles help limit lateral movement.
2. **Comprehensive Awareness Training**
Contractors and employees must be trained regularly on phishing, impersonation, and insider threat detection.
3. **Advanced Email and Account Security**
Deploy anomaly detection and identity verification tools to flag suspicious use of legitimate accounts.
4. **Privileged Access Management (PAM)**
Use session monitoring, time-bound access, and just-in-time provisioning to minimize risks from vendor accounts.
5. **Incident Response Playbooks**
Predefined response plans for social engineering incidents reduce downtime and damage.
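The vendor-account monitoring and time-bound access from items 1 and 4 can be checked mechanically. The following is an added example, not part of the original article: it compares constructed audit events against constructed just-in-time grants and flags vendor activity that no grant covers. The `vendor.` account prefix, the log layout and every name in it are assumptions.

```python
from datetime import datetime, timezone

# Constructed just-in-time grants: (vendor account, system, start, end), all UTC.
GRANTS = [
    ("vendor.c101", "erp-prod", "2025-01-10T09:00:00", "2025-01-10T11:00:00"),
    ("vendor.c202", "mail-admin", "2025-01-10T14:00:00", "2025-01-10T15:00:00"),
]

# Constructed audit log, one event per line: timestamp account system action.
EVENTS = """\
2025-01-10T09:30:12 vendor.c101 erp-prod login
2025-01-10T11:45:03 vendor.c101 erp-prod login
2025-01-10T14:10:40 vendor.c202 mail-admin send_as
2025-01-10T14:20:05 vendor.c202 erp-prod login
2025-01-10T16:02:00 employee.k17 erp-prod login
"""

def _ts(text):
    # Timestamps in this sample carry no offset; treat them as UTC.
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def audit_vendor_events(log_text, grants, vendor_prefix="vendor."):
    """Return (line, reason) for each vendor event not covered by a grant."""
    windows = {}
    for account, system, start, end in grants:
        windows.setdefault((account, system), []).append((_ts(start), _ts(end)))
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4:
            findings.append((line, "unparseable"))  # never drop bad lines silently
            continue
        when, account, system, _action = parts
        if not account.startswith(vendor_prefix):
            continue  # only third-party accounts are in scope here
        try:
            t = _ts(when)
        except ValueError:
            findings.append((line, "bad timestamp"))
            continue
        spans = windows.get((account, system))
        if spans is None:
            findings.append((line, "no grant for this system"))
        elif not any(start <= t <= end for start, end in spans):
            findings.append((line, "outside approved window"))
    return findings

if __name__ == "__main__":
    for line, reason in audit_vendor_events(EVENTS, GRANTS):
        print(f"ALERT [{reason}] {line}")
```

On the sample data this flags the 11:45 login after the grant expired and the login to a system the second vendor account was never granted, while in-window activity and non-vendor accounts pass through.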
The cases involving TCS and Cognizant reveal a critical truth: technology cannot protect enterprises if trust is exploited. Social engineering attacks are not just about tricking individuals—they target organizational dependencies, vendor-client trust models, and global IT outsourcing structures.
Enterprises must recognize that vendor cybersecurity **is** their cybersecurity. Building resilience requires shared responsibility, stronger oversight of third parties, and cultural change to make security awareness a top priority across all stakeholders.
The TCS and Cognizant incidents demonstrate how social engineering is evolving into one of the most dangerous cyber threats for global enterprises. Attackers no longer rely solely on malware or brute force—they exploit people, trust, and access privileges.
As ransomware groups shift toward social engineering-driven campaigns, the focus must move from securing only technology to also securing processes, relationships, and human behavior. Enterprises that embrace Zero Trust, vendor oversight, and continuous awareness training will be best positioned to withstand this new era of attacks.