Nothing fills you with confidence in an IT contractor more than hearing its staff's personal records were stolen by ransomware hackers. Right, Cognizant?

Staff records – from social-security and corporate credit card numbers, to passport and bank account details – were siphoned from Cognizant by hackers who then doused the IT contractor in ransomware.

A pair of disclosures [PDF] from Cognizant to the California Attorney General’s office, mandated by US state law, this week shed more light on its Maze ransomware infection. We’re told employee expense card information, along with personal records, was stolen by network intruders over a three-day period from April 9 to 11; the security breach was spotted on April 20.

Here’s what Cognizant’s chief people officer Becky Schmitt told staff yesterday, according to the filings…

A spokesperson for Cognizant further clarified in an email to The Register: “It involved certain personal information related to some current and former Cognizant personnel and individuals involved in corporate transactions.” Said folks are based in and outside the US, we’re told.

A leak of internal info was a definite possibility when Cognizant said back in April it had become the latest victim of the Maze gang. The ransomware-slinging outfit is known for not only encrypting the data of systems it breaks into, but also exfiltrating and occasionally publishing the data to scare victims into paying up.

Past victims of the crew include insurance companies and Posh Spice’s business interests.

For what it’s worth, Cognizant – which employs close to 300,000 people and rakes in billions of dollars a year – said it hasn’t heard of any fraud taking place using the records, so employees may be in the clear for now. Still, the IT giant will be ponying up for a year of identity theft monitoring services for its stiffed workforce. Those concerned are being sent letters with activation codes for the monitoring service.

Colleagues would be well-advised to keep a close eye on their bank statements for signs of fraud. ®
