Connect with us

Hi, what are you looking for?


Incident Response

Cognizant Says Data Was Stolen in April Ransomware Attack

Cognizant Confirms Personal, Financial Information Stolen in April 2020 Ransomware Attack

Cognizant Confirms Personal, Financial Information Stolen in April 2020 Ransomware Attack

Technology services giant Cognizant has informed clients that the Maze ransomware attack it suffered in April 2020 resulted in personally identifiable and financial information being stolen. 

The New Jersey-based multinational company provides digital, technology, consulting, and operations services worldwide and has around 300,000 employees globally. 

On April 20, the company discovered that cybercriminals had breached its network and that the Maze ransomware was used to encrypt data on internal systems. 

The incident, Cognizant said at the time, resulted in service disruption for some of its customers, but no information on the number of impacted systems was revealed. 

Details on how the adversary managed to gain access to the company’s network weren’t provided either. However, it appears that the attackers dwelled in the environment for several weeks before actually starting encrypting files. 

On Wednesday, Cognizant filed with Office of the Attorney General of California copies of the notification letters it started sending to the affected customers, revealing that the attackers were able to exfiltrate “a limited amount of data from Cognizant’s systems.”

Advertisement. Scroll to continue reading.

The professional services company says its investigation into the incident revealed that the data was likely stolen between April 9 and 11. 

“The majority of the personal information that was impacted was information relating to our corporate credit cards. Out of an abundance of caution, we are giving notice to all associates who have an active corporate credit card. All associates who have an active corporate credit card will be offered credit and identity theft monitoring services from ID Experts,” one of the notification letters reads

The company also says that it has notified the issuer of the cards of impacted accounts and that monitoring of these accounts for signs of fraudulent activity is ongoing. 

“We have been informed that they have not seen an increase in fraud for our accounts,” Cognizant notes. 

Another notification letter reveals that personally identifiable information (PII) was also exfiltrated in the incident, including names and/or Social Security numbers (and/or other tax identification numbers), financial account information, driver’s license information, and/or passport information. 

“Cognizant is taking this security incident very seriously. We have been cooperating with the Federal Bureau of Investigation in connection with their investigation of the cyber criminals responsible for the attack. In addition to quickly containing the incident, we are also taking various steps to further improve Cognizant’s overall security posture,” the company also says. 

Related: U.S. Semiconductor Maker MaxLinear Discloses Ransomware Attack

Related: Business Services Provider Conduent Hit by Ransomware

Related: Maze Ransomware Caused Disruptions at Cognizant

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.