In April the information technologies services giant Cognizant Technology was hit by Maze Ransomware operators.
Cognizant is an American multinational corporation that provides IT services, it is one of the largest IT managed services company in the world with over $16 billion in revenue.
Immediately after the attack, the company sent a security breach notification mail to its clients and shared IoCs related to the threat that affected its systems. At the time, the company states that threat actors did not exfiltrate any customer’s information.
The IOCs provided by the company are associated with past infections attributed to the Maze Ransomware crew, it included IP addresses of servers and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files.
Now the company informed its customers that the threat actors also stole personally identifiable and financial information before encrypting the files.
Cognizant did not disclose details about the cyber attack, but experts speculate the threat actors gained access to the target networks for several weeks before starting encrypting files.
This week, Cognizant reported to the Office of the Attorney General of California that intruders were able to exfiltrated “a limited amount of data from Cognizant’s systems.”
Attackers have stolen personal identifiable information (PII), including names and/or Social Security numbers (and/or other tax identification numbers), financial account information, driver’s license information, and/or passport information.
“We recently discovered that Cognizant was the victim of a ransomware attack carried out by international cyber criminals. On April 20, 2020, Cognizant learned that the attackers staged and likely exfiltrated a
limited amount of data from Cognizant’s systems. Based on our investigation, we understand that this activity occurred between April 9 and 11.” reads the notice of data breach.
“The majority of the personal information that was impacted was information relating to our corporate credit cards. Out of an abundance of caution, we are giving notice to all associates who have an active corporate credit card.”
The company offers credit and identity theft monitoring services from ID Experts to all associates who have an active corporate credit card.
The company also notified the issuer of the cards of impacted accounts.
“We have been informed that they have not seen an increase in fraud for our accounts,” Cognizant notes.
Another notification letter reveals that personal identifiable information (PII) was also exfiltrated in the incident, including names and/or Social Security numbers (and/or other tax identification numbers), financial account information, driver’s license information, and/or passport information.
Cognizant announced it is taking various steps to further improve its cyber security posture.
(SecurityAffairs – Cognizant, Maze ransomware)