Security News > 2021 > July > US insurance giant AJG reports data breach after ransomware attack

Arthur J. Gallagher, a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September.

"Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020," AJG said.

While AJG didn't say in the SEC filing announcing the ransomware attack if any customer or employee data was accessed or stolen by the attackers, a subsequent investigation found multiple types of sensitive information stored on systems breached during the incident.

The types of information discovered on compromised systems during the review include: "Social Security number or tax identification number, driver's license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number, and biometric information."

AJG. AJG shut down all systems to block the attack.

AJG said in an 8-K filing with the U.S. Securities and Exchange Commission on September 28, 2020, that only a limited number of its internal systems were affected by the ransomware attack.

News URL

https://www.bleepingcomputer.com/news/security/us-insurance-giant-ajg-reports-data-breach-after-ransomware-attack/