The company has nearly 30,000 employees, most of them in India, and had about US$17 billion in revenue in 2019. It provides services to clients in about 80 countries.
In a brief statement, Cognizant said: "Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.
"Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities.
The incident was first reported by the website Bleeping Computer which said it had tried to confirm the attack from the people behind the Maze ransomware but had only received a denial. It said Cognizant had sent emails to clients on Friday informing them of the attack.
Maze, and a number of other ransomware groups, exfiltrate data from their victims first, before encrypting files on the Windows machines that are attacked. This exfiltrated data is used to blackmail victims into paying up, with the Maze gang posting parts of the same on its site if the victim does not pay up immediately.
If the victim does not negotiate, then all the data is posted to hacker forums for any kind of use that the people who frequent these forums wish to indulge in.
Security researcher Brett Callow told iTWire that Cognizant had not yet been listed on the Maze website as is the case with victims who are refusing to pay up.
"But that does not mean the company was not hit by Maze," said Callow who works with Emsisoft.
"At some point in the last three weeks, Maze also hit two Manitoba law firms, [and] neither of [them] has been listed. It’s possible the group is holding off naming the firms and publishing any data pending the outcome of negotiations, and that could be the case with Cognizant too."
Last month, Maze hit the global insurer Chubb, a company which reported US$40 billion of gross premiums in 2019.