The data obtained may help hackers better target firm’s customers.
One of the largest insurance firms in the U.S. CNA Financial was reportedly hit by a “sophisticated cybersecurity attack” on March 21, 2021. The cyber attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.
The insurance company posted a statement on its website notifying the public that it “sustained a sophisticated cybersecurity attack. The cyber attack caused a network disruption and impacted certain CNA systems, including corporate email.”
The cyber insurance firm added that it engaged forensic experts and law enforcement in its investigations.
“Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing. We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.”
CNA financial did not notify potential victims because it could not determine if the attackers stole any data.
Coalition CEO Joshua Motta said a nightmare scenario would be if the attackers stole policyholders’ data. He noted that accessing the data could help hackers determine which companies had applied for or acquired cyber insurance, the scope of coverage, and the limits of deductibles.
Ransomware operators could use that information during negotiations after compromising the cyber insurance policyholders. They could use the information to set optimal ransom demands matching the policyholders’ cyber insurance coverage.
Full article on https://www.cpomagazine.com/cyber-security/cyber-insurance-firm-suffers-sophisticated-ransomware-cyber-attack-data-obtained-may-help-hackers-better-target-firms-customers/
#ransomware #CNA #cnafinancial #US #hackers #yokdata #blog