Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Insurance Giant CNA Reports Data Breach After Ransomware Attack

Insurance Giant CNA Reports Data Breach After Ransomware Attack

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.

CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute.

The company provides an extensive array of insurance products, including cyber insurance policies, to individuals and businesses across the US, Canada, Europe, and Asia.

Over 75,000 individuals affected

“The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021,” CNA said in breach notification letters mailed to affected customers today.

“During this time period, the threat actor copied a limited amount information before deploying the ransomware.”

The data breach reported by CNA affected 75,349 individuals, according to breach information filed with the office of Maine’s Attorney General.

After reviewing the files stolen during the attack, CNA discovered that they contained customers’ personal information such as names and Social Security numbers.

“Having recovered the information, we have now completed our review of that information and have determined it contained some personal information including name, Social Security number and in some instances, information related to health benefits for certain individuals,” CNA explained in a separate incident update.

“The majority of individuals being notified are current and former employees, contract workers and their dependents.”

The company added that it found no evidence that the stolen information was “viewed, retained or shared.”

Additionally, CNA claims there is no reason to suspect that the stolen information was or will be misused in any way.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

CNA will be offering 24 months of complimentary credit monitoring and fraud protection services through Experian. CNA is also providing a toll-free hotline for the individuals to call with any questions regarding the Incident. — CNA

Systems fully restored after ransomware attack

Sources familiar with the attack told BleepingComputer that the Phoenix CryptoLocker operators encrypted over 15,000 devices after deploying ransomware payloads on CNA’s network on March 21.

BleepingComputer also learned that the attackers encrypted the computers of remote workers who were logged into the company’s VPN during the incident.

Based on similarities in the code, Phoenix Locker is believed to be a new ransomware family developed by the Evil Corp hacking group to avoid sanctions after WastedLocker ransomware victims would no longer pay ransoms to avoid legal action or fines.

When asked by BleepingComputer about a connection between the sanctioned Evil Corp and the Phoenix group, CNA replied that there was no confirmed nexus.

“The threat actor group, Phoenix, responsible for this attack, is not a sanctioned entity and no U.S. government agency has confirmed a relationship between the group that attacked CNA and any sanctioned entity,” the company said.

“We have notified the FBI of this incident and are actively cooperating with them as they conduct their investigation of the incident.”

Two months ago, CNA reported that it has restored the systems impacted in the ransomware attack and is operating “in a fully restored state.”

The insurance provider added that it did not find any evidence while investigating the incident of stolen policyholder info surfacing, being exchanged or being put up for sale on the dark web or hacking forums.

Also Read: Data Protection Officer Singapore | 10 FAQs

Update: Added info provided by CNA spokesperson on additional data exposed in the incident.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us