Cognizant Says Maze Ransomware Attackers Hijacked Tax ID, Social Security, Passport Data

The cybercriminals who hit Cognizant this spring “exfiltrated” data related to employees' corporate credit cards among other personal data including Social Security numbers, tax IDs, financial account information, and driver’s license and passport details, according to two letters Cognizant filed with California state regulators.

While the two letters read largely the same, one letter is addressed to Cognizant employees and talks about the theft of personal information related to company credit cards. The second letter is addressed to individuals impacted.

“We have determined that the personal information involved in this incident included your name and one or more of: your Social Security number and/or other tax identification number, financial account information, driver’s license information, and/or passport information,” the letter stated.

The company said on April 18 that it had been hit with what it suspected was Maze ransomware. According to several security experts, Maze is a relatively new form of ransomware that is particularly insidious as it steals data as well as crypto-locks it behind a password, meaning private data is left in the hands of cybercriminals with only their word that it will remain confidential.

[Related: Cognizant Left With ‘No Good Options’ After Maze Attack: Security Expert]

Cognizant said on April 20 it learned the cybercriminals “exflitrated limited amount of data.” The company said a later investigation discovered the attackers likely stole the data between April 9 and April 11.

“The majority of the personal information that was impacted was information relating to our corporate credit cards,” according to a letter signed by Becky Schmitt, chief people officer at Cognizant. “Out of an abundance of caution, we are giving notice to all associates who have an active corporate credit card.”

Cognizant apologized to employees and others hit. It is offering 12 months of free identity theft and dark web monitoring from ID Experts to those with corporate credit cards, as well as any other person whose data was stolen. In its letters, the company said the FBI is investigating who carried out the attack while Cognizant is working to improve its own security posture.

In both letters, Cognizant said it has “no reason to believe that any fraudulent activity has been carried out on the accounts.” However, the company is warning victims to stay on guard.

“You should always remain vigilant for incidents of fraud and identity theft, including by regularly reviewing your account statements and monitoring free credit reports,” the letter stated. “If you discover any suspicious or unusual activity on your accounts or suspect identity theft or fraud, be sure to report it immediately to your financial institutions.”