Major Indian IT firm Wipro has been breached by ‘state-sponsored’ hacker

16 Apr 2019

Image: © Syda Productions/Stock.adobe.com

Wipro is India’s third-largest IT outsourcing company and processes billions in revenue each year. Now, it grapples with the impact of a months-long breach, the finer details of which have yet to be fully disclosed.

One of India’s largest IT outsourcing firms, Wipro, has fallen victim to a breach that sources say affected many of its customers’ systems.

The story first broke in an article on KrebsOnSecurity, which details claims from multiple sources that Wipro was dealing with an attack from what was assumed to be a “state-sponsored” hacker.

The sources, both of whom spoke on the condition of anonymity, allege that Wipro’s systems were seen as a jumping-off point for the hackers to target at least a dozen of the company’s customers in a fishing expedition. The outsourcer’s customers who came under attack were able to trace suspicious traffic back to partner systems connected to the Wipro network. Another source further claimed that Wipro is now building a new private email network because bad actors are thought to have infiltrated the Wipro corporate email system.

When questioned, the IT services company only commented on “abnormal activity” in a select few employee accounts. Wipro told The Register: “Upon learning of the incident, we promptly began an investigation, identified the affected users, and took remedial steps to contain and mitigate any potential impact.” The company also said it has teamed up with an independent forensic firm to assist in its investigation of the hack.

Though the affected clients have not been named, Wipro has worked with an array of Fortune 500 companies spread across six continents in sectors such as healthcare, banking, communications and more. It has also provided digital transformation services to multiple levels of US government.

In 2018, Wipro was forced to settle for a staggering $75m after it “botched” a SAP upgrade commissioned by the US National Grid, which provides electricity and gas in Massachusetts, New York and Rhode Island. The state of Nebraska also controversially pulled out of a multimillion dollar contract with Wipro to upgrade the state’s Medicaid enrolment system.

Wipro has development centres dotted around the globe, including in Europe, leading some to wonder whether there could be potential GDPR implications if any personal data from EU customers has been compromised.

The timing of this announcement couldn’t be any worse for the firm as it gears up to present its quarterly earnings today (16 April). Share prices fell by more than 3pc amid the news.

IT outsourcing is a multibillion-dollar industry for India. It put the country on the map as a destination for high-quality, low-cost technology skills, and led to rapid wage inflation.

Yet many argue that it’s a house of cards due to be toppled soon by the combined effects of automation, the rise of populist protectionism and Brexit-induced geopolitical instability.

Eva Short was a journalist at Silicon Republic

editorial@siliconrepublic.com