IntelBroker, a threat actor (TA) who is a prominent member of the notorious BreachForums, has allegedly leaked a trove of data stolen from Cognizant Technology Solutions, a leading American multinational specializing in IT services and consulting. The alleged Cognizant data leak reportedly includes a document with 12 million lines from Cognizant’s internal website and user data from the company’s Oracle Insurance Policy Admin System (OIPA), a cloud-based DevOps solution.

Cognizant Data Leak: What All it May Contain

According to IntelBroker, the leaked user file comprises approximately 40,000 user records containing a wide array of sensitive data fields. These fields include policy number, role code, client name, company code, state code, role sequence number, arrangement number, arrangement status, start date, start year, end date, end year, draft day, modular amount, and next premium due date. The Cyber Express Team contacted Cognizant officials to verify these claims. "We are aware of the reports made by a cybercriminal organization, claiming it has targeted some of our services. We take this matter very seriously and we are investigating the validity and extent of this claim," Cognizant Spokesperson told The Cyber Express. Notably, the spokesperson neither denied the claim nor confirmed the Cognizant data leak reports. Should these claims be substantiated, the implications could be far-reaching, posing significant risks to both the affected individuals and Cognizant's reputation. The alleged Cognizant data breach highlights the ongoing and evolving threats that corporations face from sophisticated cybercriminals.

IntelBroker Previous Claims

IntelBroker is no stranger to high-profile cyber intrusions. The hacker has previously claimed responsibility for a massive data breach involving Advanced Micro Devices (AMD), a leading player in the semiconductor industry. This unverified breach, disclosed on BreachForums, included multiple data samples shared with the forum’s users, raising serious concerns about the security of AMD’s infrastructure. AMD officials have since stated that they are investigating the claims. IntelBroker's notoriety stems from a history of targeting diverse organizations, including critical infrastructure, major tech corporations, and government contractors. The hacker’s sophisticated approach to exploiting vulnerabilities has enabled access to sensitive information on multiple occasions. Previous claims include breaches at institutions like Apple, Lindex Group, and Acuity, a U.S. federal technology consulting firm.

Prior Cognizant Data Breaches

This incident is not the first time Cognizant has faced cyber threats. On September 1, 2023, Cognizant filed a notice of data breach with the Attorney General of Texas after discovering that an unauthorized party had accessed confidential consumer data stored on the company’s computer network. This Cognizant data breach followed a significant ransomware incident in April 2020, which Cognizant estimated would result in losses between $50 million and $70 million. In the April 2020 incident, Cognizant confirmed on April 18 that a security event involving its internal systems was causing service disruptions. The attack bore the signature of the Maze ransomware group, which had previously targeted multiple high-profile organizations. Cognizant provided affected customers with indicators of compromise (IOCs) and other technical information to aid in defensive measures. The potential leak by IntelBroker highlights the continuous and escalating cyber threats faced by multinational corporations. These incidents not only jeopardize the security of sensitive data but also have significant financial and operational impacts on the affected companies. The Cyber Express Team will continue to monitor the situation and provide updates as more information becomes available. In the meantime, we urge all organizations to review their cybersecurity protocols and ensure they are adequately prepared to respond to potential threats.