Cognizant Confirms Personal, Financial Information Stolen in April 2020 Ransomware Attack
Technology services giant Cognizant has informed clients that the Maze ransomware attack it suffered in April 2020 resulted in personally identifiable and financial information being stolen.
The New Jersey-based multinational company provides digital, technology, consulting, and operations services worldwide and has around 300,000 employees globally.
On April 20, services provider discovered that cybercriminals had breached its network and that the Maze ransomware was used to encrypt data on internal systems.
The incident, Cognizant said at the time, resulted in service disruption for some of its customers, but no information on the number of impacted systems was revealed.
Details on how the adversary managed to gain access to the company’s network weren’t provided either. However, it appears that the attackers dwelled in the environment for several weeks before actually starting encrypting files.
On Wednesday, Cognizant filed with Office of the Attorney General of California copies of the notification letters it started sending to the affected customers, revealing that the attackers were able to exfiltrated “a limited amount of data from Cognizant’s systems.”
The professional services company says that its investigation into the incident revealed that the data was likely stolen between April 9 and 11.
“The majority of the personal information that was impacted was information relating to our corporate credit cards. Out of an abundance of caution, we are giving notice to all associates who have an active corporate credit card. All associates who have an active corporate credit card will be offered credit and identity theft monitoring services from ID Experts,” one of the notification letters cognizant stolen april ransomware attack
