Cognizant Technologies Solutions U.S. Corporation

Cognizant Technology Solutions U.S. Corporation, a large IT services company, experienced a significant data breach that was first detected between May 30 and June 3, 2023. The breach was the result of a ransomware gang infiltrating the company’s files and extracting a substantial amount of sensitive personal and business-related information[1][3].

The compromised data included full names, insurance claim numbers, Social Security numbers, medical service information, bank account numbers, birth dates, and phone numbers of Cognizant and TMG Health customers, as well as select Medicaid and Medicare patients[1]. TMG Health is a healthcare services provider that works with Medicare Advantage, Medicaid Part D, and Managed Medicaid programs for many government agencies throughout the country[1].

Cognizant sent out notices on September 1, 2023, to individuals whose data was believed to have been exposed in the breach[1][3]. The company advised affected parties to run a full credit check, consider placing a freeze on their credit, and monitor their bank accounts closely to protect against potential identity theft and fraud[1].

The breach was reported to the Attorney General of Texas, and investigations were conducted to understand the extent and impact of the incident[3]. Cognizant is known for providing information technology, operations and technology consulting, infrastructure, and business process services to clients globally[3].

The stolen information may be resold or used to launch identity theft attacks or phishing attempts. As a precaution, Cognizant offered credit and identity theft monitoring services to those affected[1][5].

This incident is separate from a previous ransomware attack that Cognizant suffered in April 2020, where Maze ransomware was used to encrypt data on internal systems, and personal and financial information was stolen[5][13].

Cognizant has been cooperating with the Federal Bureau of Investigation (FBI) regarding the cybercriminals responsible for the attack and has taken steps to enhance the company’s overall security posture[13].

Citations:

1. https://www.idstrong.com/sentinel/cognizant-customers-exposed-in-data-breach/
2. https://news.cognizant.com/2024-02-06-COGNIZANT-REPORTS-FOURTH-QUARTER-AND-FULL-YEAR-2023-RESULTS
3. https://www.myinjuryattorney.com/cognizant-tmg-data-breach-investigation/
4. https://careers.cognizant.com/global/en
5. https://www.bleepingcomputer.com/news/security/it-giant-cognizant-confirms-data-breach-after-ransomware-attack/
6. https://www.cognizant.com/us/en/services/infrastructure-services/digital-workplace-services
7. https://www.doj.nh.gov/consumer/security-breaches/documents/cognizant-technology-solutions-corporation-20200701.pdf
8. https://www.cognizant.com/us/en/industries/retail-technology-solutions
9. https://www.reuters.com/legal/transactional/column-us-justice-dept-corporate-crime-policies-survive-challenge-cognizant-case-2023-07-24/
10. https://careers.cognizant.com/studentandinterns/global/en
11. https://www.crn.com/slide-shows/security/cognizant-breach-10-things-to-know-about-maze-ransomware-attacks
12. https://finance.yahoo.com/news/analysts-made-financial-statement-cognizant-105912070.html
13. https://www.securityweek.com/cognizant-says-data-was-stolen-april-ransomware-attack/
14. https://careers.cognizant.com/professionals/global/en
15. https://www.reuters.com/legal/government/column-us-justice-dept-corporate-crime-policies-face-big-test-cognizant-execs-2023-04-17/