Cognizant, one of the largest tech and consulting companies in the Fortune 500, has confirmed it was hit by a ransomware attack.
Details remain slim besides a brief statement on its site, confirming the incident.
“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” the statement read. “Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident.”
The New Jersey-headquartered IT giant said it was engaging with the law enforcement.
The company, which offers a range of services including IT consultation to clients in more than 80 countries, posted $16.8 billion in revenue last year. The decades-old firm also maintains a business agreement with Facebook to help the social giant moderate content on its platform. Cognizant employs about 290,000 people, most of whom live in India.
When reached, Cognizant spokesperson Richard Lacroix declined to comment beyond the statement.
Maze is not like typical data-encrypting ransomware. Maze not only spreads across a network, infecting and encrypting every computer in its path, it also exfiltrates the data to the attackers’ servers where it is held for ransom. If a ransom isn’t paid, the attackers publish the files online. However, a website known to be associated with the Maze attackers, has not yet advertised or published data associated with Cognizant.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
The FBI privately warned businesses in December of an increase in Maze-related ransomware incidents.
Since the warning, several major companies have been hit by Maze, including cyber insurer Chubb, accounting giant MNP, a law firm and an oil company.
According to Bleeping Computer, which first reported the attack, the Maze hackers denied responsibility for the attack.
“That does not mean Maze was not responsible,” said Brett Callow, a threat analyst and ransomware expert at security firm Emsisoft. “At some point in the last three weeks, Maze also hit two Manitoba law firms, neither of which has been listed.”
“It’s possible the group is holding off naming the firms and publishing any data pending the outcome of negotiations, and that could be the case with Cognizant too,” said Callow.
Updated at 3.13PM PT on April 20: In a filing with SEC on Monday, Cognizant, which earlier this month withdrew its guidance for 2020, said that the attack “may continue to cause an interruption in parts of our business and may result in a loss of revenue and incremental costs that may adversely impact our financial results.”
Cyber insurer Chubb had data stolen in Maze ransomware attack
