CNA Financial Corporation, the 7th-largest commercial insurance company in the US, is warning its customers about a data breach that occurred from March to April.
The insurance company offers a variety of products and services, including cyber insurance, to individuals and businesses in the US, Canada, Europe, and Asia.
CNA was hit by a cyberattack in March. It impacted the company’s operations and forced it to shut down its website and email. Today, it sent breach notification letters to affected customers, saying:
“The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021, to March 21, 2021. During this time period, the threat actor copied a limited amount information before deploying the ransomware.”
Data breach reported by CNA with the office of Maine’s Attorney General affected about 75,349 individuals.
After reviewing the files stolen from the company, they discovered that their customers’ personal information was exposed, including names and Social Security numbers.
According to the company, it was able to “immediately recover the information” that was stolen. It did not find any indication that the data was viewed, retained, or shared.
For 24 months, CNA will be offering free credit monitoring and fraud prevention services through Experian. It is also offering a toll free hotline for those who have questions.
Meanwhile, researchers say CNA’s attackers used Phoenix CryptoLocker that has affected over 15,000 devices after they deployed ransomware on CNA’s network in March. The attackers also gained access to the computers of some remote workers and encrypted them.
Phoenix Locker is a new type of ransomware family that is believed to be operated by the Evil Corp group. However, CNA says there is no confirmed connection between the Evil Corp and the Phoenix group:
“The threat actor group, Phoenix, responsible for this attack, is not a sanctioned entity and no U.S. government agency has confirmed a relationship between the group that attacked CNA and any sanctioned entity,” the company said.
The company has notified the FBI about the incident and is cooperating with them in their investigation.