Cognizant Says Data Was Stolen in April Ransomware Attack

Cognizant Confirms Personal, Financial Information Stolen in April 2020 Ransomware Attack

Technology services giant Cognizant has informed clients that the Maze ransomware attack it suffered in April 2020 resulted in personally identifiable and financial information being stolen. 

The New Jersey-based multinational company provides digital, technology, consulting, and operations services worldwide and has around 300,000 employees globally. 

On April 20, the company discovered that cybercriminals had breached its network and that the Maze ransomware was used to encrypt data on internal systems. 

The incident, Cognizant said at the time, resulted in service disruption for some of its customers, but no information on the number of impacted systems was revealed. 

Details on how the adversary managed to gain access to the company’s network weren’t provided either. However, it appears that the attackers dwelled in the environment for several weeks before actually starting encrypting files. 

On Wednesday, Cognizant filed with Office of the Attorney General of California copies of the notification letters it started sending to the affected customers, revealing that the attackers were able to exfiltrate “a limited amount of data from Cognizant’s systems.”

The professional services company says its investigation into the incident revealed that the data was likely stolen between April 9 and 11. 

“The majority of the personal information that was impacted was information relating to our corporate credit cards. Out of an abundance of caution, we are giving notice to all associates who have an active corporate credit card. All associates who have an active corporate credit card will be offered credit and identity theft monitoring services from ID Experts,” one of the notification letters reads. 

The company also says that it has notified the issuer of the cards of impacted accounts and that monitoring of these accounts for signs of fraudulent activity is ongoing. 

“We have been informed that they have not seen an increase in fraud for our accounts,” Cognizant notes. 

Another notification letter reveals that personally identifiable information (PII) was also exfiltrated in the incident, including names and/or Social Security numbers (and/or other tax identification numbers), financial account information, driver’s license information, and/or passport information. 

“Cognizant is taking this security incident very seriously. We have been cooperating with the Federal Bureau of Investigation in connection with their investigation of the cyber criminals responsible for the attack. In addition to quickly containing the incident, we are also taking various steps to further improve Cognizant’s overall security posture,” the company also says. 

Related: U.S. Semiconductor Maker MaxLinear Discloses Ransomware Attack

Related: Business Services Provider Conduent Hit by Ransomware

Related: Maze Ransomware Caused Disruptions at Cognizant