Security News > 2021 > July > Insurance giant CNA reports data breach after ransomware attack
CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.
CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute.
"The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021," CNA said in breach notification letters mailed to affected customers today.
The data breach reported by CNA affected 75,349 individuals, according to breach information filed with the office of Maine's Attorney General.
Sources familiar with the attack told BleepingComputer that the Phoenix CryptoLocker operators encrypted over 15,000 devices after deploying ransomware payloads on CNA's network on March 21.
Two months ago, CNA reported that it has restored the systems impacted in the ransomware attack and is operating "In a fully restored state."
News URL
Related news
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Wolf Haldenstein law firm says 3.5 million impacted by data breach (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)
- Medusa ransomware group claims attack on UK's Gateshead Council (source)
- Otelier data breach exposes info, hotel reservations of millions (source)
- Ransomware attack forces Brit high school to shut doors (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- PayPal to pay $2 million settlement over 2022 data breach (source)
- UnitedHealth now says 190 million impacted by 2024 data breach (source)
- Google takes action after coder reports 'most sophisticated attack I've ever seen' (source)