Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Cognizant Says Data Was Stolen in April Ransomware Attack

Cognizant Confirms Personal, Financial Information Stolen in April 2020 Ransomware Attack

Cognizant Confirms Personal, Financial Information Stolen in April 2020 Ransomware Attack

Technology services giant Cognizant has informed clients that the Maze ransomware attack it suffered in April 2020 resulted in personally identifiable and financial information being stolen. 

The New Jersey-based multinational company provides digital, technology, consulting, and operations services worldwide and has around 300,000 employees globally. 

On April 20, the company discovered that cybercriminals had breached its network and that the Maze ransomware was used to encrypt data on internal systems. 

The incident, Cognizant said at the time, resulted in service disruption for some of its customers, but no information on the number of impacted systems was revealed. 

Details on how the adversary managed to gain access to the company’s network weren’t provided either. However, it appears that the attackers dwelled in the environment for several weeks before actually starting encrypting files. 

On Wednesday, Cognizant filed with Office of the Attorney General of California copies of the notification letters it started sending to the affected customers, revealing that the attackers were able to exfiltrate “a limited amount of data from Cognizant’s systems.”

The professional services company says its investigation into the incident revealed that the data was likely stolen between April 9 and 11. 

Advertisement. Scroll to continue reading.

“The majority of the personal information that was impacted was information relating to our corporate credit cards. Out of an abundance of caution, we are giving notice to all associates who have an active corporate credit card. All associates who have an active corporate credit card will be offered credit and identity theft monitoring services from ID Experts,” one of the notification letters reads

The company also says that it has notified the issuer of the cards of impacted accounts and that monitoring of these accounts for signs of fraudulent activity is ongoing. 

“We have been informed that they have not seen an increase in fraud for our accounts,” Cognizant notes. 

Another notification letter reveals that personally identifiable information (PII) was also exfiltrated in the incident, including names and/or Social Security numbers (and/or other tax identification numbers), financial account information, driver’s license information, and/or passport information. 

“Cognizant is taking this security incident very seriously. We have been cooperating with the Federal Bureau of Investigation in connection with their investigation of the cyber criminals responsible for the attack. In addition to quickly containing the incident, we are also taking various steps to further improve Cognizant’s overall security posture,” the company also says. 

Related: U.S. Semiconductor Maker MaxLinear Discloses Ransomware Attack

Related: Business Services Provider Conduent Hit by Ransomware

Related: Maze Ransomware Caused Disruptions at Cognizant

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.