Maze ransomware attack: Names, account numbers of company credit cards compromised, says Cognizant

The ransomware encrypts the sensitive information, in this case, employee credit card account numbers, and exfiltrates these to the hackers.

In the email to employees, Cognizant said, “A limited amount of personal data (of associates) was compromised before the attack was contained on May 1.”

“Vast majority of the information consisted of names and account numbers (and no other personal information) from some American Express cards,” the mail added.

The email further added that some of its associates who held corporate credit card will have access to complimentary credit card monitoring, dark web monitoring, and restoration services. This will be available to everyone whether or not their card data was compromised in the attack.

The company has also identified a limited number of instances where other personal data may have been compromised. “The small number of associates who have had other kinds of personal information exposed will be notified directly by June 24, 2020, and will also receive complimentary identify theft protection,” the company added.

According to CRN, the company has filed two letters with California state regulators where it has disclosed the theft of personal information related to company credit cards.

In another email sent to employees impacted, the company has said that personal information compromised included social security number, tax identification number, financial account information, driver’s licence information, and passport information, the CRN report added.