Massive Cognizant Data Breach Hits Youtube And Waze And Possibly Millions Of End Users Globally

NEW YORK - March 27, 2025 - PRLog -- A former Cognizant Technology Solutions Portugal employee, resigned May 31, 2023, over HR's broken €600 bonus promise, turned whistleblower under Portugal's Law 93/2021 and EU Directive 2019/1937. Over 480 days, he exposed a data leak hitting YouTube, Waze, and Cognizant's clients, worsened by delays from Garrigues, their Lisbon- and Porto-based law firm.

Since December 2023, 3,141 emails—six daily (five Waze, one to two YouTube)—flooded his reactivated Google Workspace account. Evidence includes YouTube logs from October 2024 (e.g., channel UCji81jxOuCoUp5mPNMAHpsQ, 5.87K subscribers) and Waze IDs like 1909839753 ("testuser01") with event details. Leaks span January 27, 2025 (Israel, ID 1495532043), February 28 (Tallinn, 59.4370°N, 24.7535°E), March 3 (Czech Republic, ID 1087208100), March 17 (Cincinnati), and March 23 (Buganizer Issue 339455096). March 24-26 breaches exposed users globally (e.g., Milan, ID 1507084873; Buenos Aires, ID 40756900) and Cognizant staff PII, violating GDPR, CCPA, PIPEDA, LGPD, and more.

Sparked by HR's 14-month dodge—stalling his €600 Edenred Card from 2022—he sued for €5,599 under Portugal's labor and civil codes. Cognizant called it "closed" February 27, 2025, but that €5,599 spark now blazes, dwarfed by a GDPR inferno that could top TikTok's €345M (2023), LinkedIn's €310M (2024), or Meta's €1.2B (2023). His demand: Cognizant overhauls data security and reports quarterly to regulators—no more evasions.

Backed by Cambridge Samuel and a global legal team, he targets €700M+ in fines and a stock drop, hitting regulators like Portugal's CNPD, the UK's ICO, the U.S. FTC, and EU DPAs (Ireland's DPC, France's CNIL).

Cognizant knew—Google Chat alerted a manager March 21, 14:50 WET—but missed GDPR's 72-hour deadline (March 24, 14:50 WET). He offered a fix by March 25; Garrigues botched it, missing a March 26 ultimatum. Their delays leave millions exposed.

This ex-employee flipped HR's mess into a 3,141-email reckoning, striking Cognizant and Garrigues hard. Regulators, clients like Alphabet, and end users from Europe to the Americas feel the breach. The press tracks a dual crisis—GDPR violations and corporate incompetence—as he fights for systemic change.

Press: public-relations@cambridgesamuel.com / class-action@cambridgesamuel.com
Evidence: Redacted samples available for regulators, media.

www.cambridgesamuel.com