Cognizant admitted data breach in April Ransomware Attack

In April the information technologies services giant Cognizant Technology suffered a ransomware attack, now it has confirmed also a data breach.

In April the information technologies services giant Cognizant Technology was hit by Maze Ransomware operators.

Cognizant is an American multinational corporation that provides IT services, it is one of the largest IT managed services company in the world with over $16 billion in revenue.

Immediately after the attack, the company sent a security breach notification mail to its clients and shared IoCs related to the threat that affected its systems. At the time, the company states that threat actors did not exfiltrate any customer’s information.

The IOCs provided by the company are associated with past infections attributed to the Maze Ransomware crew, it included IP addresses of servers and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files.

Now the company informed its customers that the threat actors also stole personally identifiable and financial information before encrypting the files.

Cognizant did not disclose details about the cyber attack, but experts speculate the threat actors gained access to the target networks for several weeks before starting encrypting files. 

This week, Cognizant reported to the Office of the Attorney General of California that intruders were able to exfiltrated “a limited amount of data from Cognizant’s systems.”

Attackers have stolen personal identifiable information (PII), including names and/or Social Security numbers (and/or other tax identification numbers), financial account information, driver’s license information, and/or passport information. 

“We recently discovered that Cognizant was the victim of a ransomware attack carried out by international cyber criminals. On April 20, 2020, Cognizant learned that the attackers staged and likely exfiltrated a
limited amount of data from Cognizant’s systems. Based on our investigation, we understand that this activity occurred between April 9 and 11.” reads the notice of data breach.

“The majority of the personal information that was impacted was information relating to our corporate credit cards. Out of an abundance of caution, we are giving notice to all associates who have an active corporate credit card.”

The company offers credit and identity theft monitoring services from ID Experts to all associates who have an active corporate credit card.

The company also notified the issuer of the cards of impacted accounts.

“We have been informed that they have not seen an increase in fraud for our accounts,” Cognizant notes. 

Another notification letter reveals that personal identifiable information (PII) was also exfiltrated in the incident, including names and/or Social Security numbers (and/or other tax identification numbers), financial account information, driver’s license information, and/or passport information. 

Cognizant announced it is taking various steps to further improve its cyber security posture. 

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Cognizant, Maze ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.