back to article Nothing fills you with confidence in an IT contractor more than hearing its staff personal records were stolen by ransomware hackers. Right, Cognizant?

Staff records – from social-security and corporate credit card numbers, to passport and bank account details – were siphoned from Cognizant by hackers who then doused the IT contractor in ransomware. A pair of disclosures [PDF] from Cognizant to the California Attorney General's office, mandated by US state law, this week shed …

  1. Anonymous Coward
    Anonymous Coward

    Details?

    Is this only US employees?

    Is this only current employees?

    Are they going to “pony up” for those of us who have escaped recently?

    1. diodesign (Written by Reg staff) Silver badge

      Re: Details?

      We're chasing that up. Cognizant told us so far:

      "It involved certain personal information related to some current and former Cognizant personnel and individuals involved in corporate transactions."

      Edit: It's folks in and outside the US.

      C.

    2. TheVogon Silver badge

      Re: Details?

      Large GDPR fine incoming?

  2. Anonymous Coward
    Anonymous Coward

    Appointing Dido Harding

    Head of Track and Trace comes pretty close.

  3. Anonymous Coward
    Anonymous Coward

    Lol

    Out of an abundance of caution...

    Straight face award of the week

    1. Smooth Newt Silver badge
      Meh

      Re: Lol

      Out of an abundance of caution...

      What about an abundance of caution before this happened?

  4. Anonymous Coward
    Anonymous Coward

    At least they weren't the victims of a "sophisticated cyber attack". Phew..

  5. Sherminator
    Devil

    ID Protection?? Why bother

    Is this going to be the next status quo from companies? Sorry we leaked all your data, here, have a crap service from us incase your PII is used elsewhere?

    At some point, there needs to be some form of compensation to the Data Subject, beyond a crap ID checking service being chucked around for free.

    Let's hope Data Protection Laws on either side of the pond don't just get used to fill up treasury coffers, I'm sure we'd hate to see Data Subjects being leveraged for financial gain now wouldn't we??? :)

  6. Doctor Syntax Silver badge

    How much of that personal data was needed? That's actually needed as opposed to "needed" because someone wanted it.

    For instance if the business is providing company credit cards why should they need employees' credit card details? I'd like to think that at some point the penny will drop and these businesses will realise that all that "valuable data" they've been hoarding is really toxic waste.

    1. Anonymous Coward
      Anonymous Coward

      It's not 'toxic waste' if you can't be paid without it.

      Reading between the lines a bit, I wonder if it was anyone/everyone with a company credit card who had their personnel jackets "misappropriated"?

      The employer needs all that info for payroll, pension, medical insurance, reduced-cost loan schemes (bike or car purchase schemes, forex), and all the other interactions between employer and employed. Here in the UK, driving licence or passport info can be used to prove someone has the right to work here so that can count as necessary data. While it would be nice to imagine every employer could have their Personnel information on a system completely isolated from the Internet and only move across the really necessary data when it's really needed, reality is never that accommodating.

      1. sitta_europea

        Re: It's not 'toxic waste' if you can't be paid without it.

        "The employer needs all that info for payroll, pension, medical insurance, reduced-cost loan schemes (bike or car purchase schemes, forex), and all the other interactions between employer and employed. ..."

        Yeah, but the employer does NOT need to keep it all on a poorly secured Internet-facing system.

        Speaking as an employer, we keep stuff like that in (locked) filing cabinets in the office, and the only things of that sort that we put on the computers are the things that our certifiably insane government insists that we keep on the computers. Which, unluckily, seems to be more and more and more and more, as more and more idiotic ideas keep coming - primarily from HMRC, who couldn find their collective arses with their hands tied behind their backs.

  7. Tubz

    Class action suits both sides of the Atlantic !

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020