The cyber criminals who hit Cognizant in early 2020 gained access to a treasure trove of information, according to two letters Cognizant filed with California state regulators.
The attackers “exfiltrated” data related to employees' corporate credit cards among other personal data including Social Security numbers, tax IDs, financial account information, and driver’s license and passport details.
While the two letters read largely the same, one letter is addressed to Cognizant employees and talks about the theft of personal information related to company credit cards. The second letter is addressed to individuals impacted.
“We have determined that the personal information involved in this incident included your name and one or more of: your Social Security number and/or other tax identification number, financial account information, driver’s license information, and/or passport information,” the letter stated.
The company said on 18 April that it had been hit with what it suspected was Maze ransomware. According to several security experts, Maze is a relatively new form of ransomware that is particularly insidious as it steals data as well as crypto-locks it behind a password, meaning private data is left in the hands of cybercriminals with only their word that it will remain confidential.
Cognizant said on April 20 it learned the cybercriminals “exflitrated limited amount of data.” The company said a later investigation discovered the attackers likely stole the data between 9 April and 11 April.
“The majority of the personal information that was impacted was information relating to our corporate credit cards,” according to a letter signed by Cognizant chief people officer Becky Schmitt.
“Out of an abundance of caution, we are giving notice to all associates who have an active corporate credit card.”
Cognizant apologised to employees and others hit. It is offering 12 months of free identity theft and dark web monitoring from ID Experts to those with corporate credit cards, as well as any other person whose data was stolen.
In its letters, the company said the FBI is investigating who carried out the attack while Cognizant is working to improve its own security posture.
In both letters, Cognizant said it has “no reason to believe that any fraudulent activity has been carried out on the accounts.” However, the company is warning victims to stay on guard.
“You should always remain vigilant for incidents of fraud and identity theft, including by regularly reviewing your account statements and monitoring free credit reports,” the letter stated.
“If you discover any suspicious or unusual activity on your accounts or suspect identity theft or fraud, be sure to report it immediately to your financial institutions.”