Cognizant cyber solutions firm has notified both employees and the California state regulators that the majority of private information that was compromised during the April Cognizant ransomware attack involved corporate credit cards. The credit cards were issued to the firm’s employees.
Back in April Maze attackers orchestrated the Cognizant ransomware attack. The firm has now notified its employees that their private information, such as company corporate credit card names and account numbers, has been leaked.
“A limited amount of personal data (of associates) was compromised before the attack was contained on May 1. Vast majority of the information consisted of names and account numbers (and no other personal information) from some American Express cards,” Cognizant wrote in a corporate letter to the employees.
The technology solutions firm is expected to be impacted by $50-$70 million in generated revenues during this quarter. Furthermore, the Cognizant ransomware attack has been reported to the Federal Bureau of Investigations (FBI) for investigations.
As of now, there are no details on whether the attack only affected employees in the United States or employees from other geographical locations. However, the firm has informed the affected employees that they will receive access to credit card monitoring, dark web monitoring, and free restoration of services.
Moreover, the firm also noted that some employees’ data beyond the corporate credit card info had been leaked.
“The small number of associates who have had other kinds of personal information exposed will be notified directly by June 24, 2020, and will also receive complimentary identify theft protection,” the firm allegedly stated.
Details of the leaked personal information include tax identifications, social security details, passport information, driver’s license details, and many more. Cognizant has allegedly filed two statements with California authorities regarding the Maze ransomware attack. The initial letter is directed to employees regarding the attack, while the second one is directed to the affected persons.