Cognizant is one of the largest IT companies in the world with about 300.000 employees and revenues of more than $ 15 billion.
On April 17, Cognizant began shipping e-mail to its customers to warn them that the company had been attacked by Maze Ransomware. The notice asked them to disconnect from the company's systems so that they would not be affected by attack.
This email also contained some evidence of infringement, such as: IP addresses used by Maze and file hashes for kepstl32.dll, memes.tmp and maze.dll files. These IP addresses and the files are known to have been used in previous attacks by them hackers of Maze ransomware.
While Cognizant said at the time that the attack came from the Maze gang, the hackers they denied being behind the attack.
Violation and most likely theft of the violated data
In two letters of information about the violation datafiled with the California Attorney General's Office, Cognizant states that Maze Ransomware operators were active on the company's network between April 9 and 11.
As long as they had access, "most likely stolen a limited amount of data from Cognizant systems ”.
Before the development of ransomware and encryption devices, Maze Ransomware operators spread across the network and steal files.
After stealing data, hackers threaten to leak it to a site they have created. This site usually displays files of victims who do not pay a ransom.
Cognizant has warned that hackers may have stolen sensitive personal information data such as SSN, tax information, financial information, driving licenses and passports.
As for employees, the company said corporate credit cards may also have been exposed.
For those affected, Cognizant provides the service Dark web free monitoring, for one year.