Insurer AXA hit by ransomware after dropping support for ransom payments

Insurer Giant AXA Git by Avaddon Ransomware

French insurance giant AXA has suffered a ransomware attack on some of its branches in Thailand, Malaysia, Hong Kong, and the Philippines. The attack impacted their IT operations.

Avaddon ransomware group, who carried out the attack, claimed on their leak site they had stolen 3 TB of sensitive data.

The group claims they have customer medical reports (including those containing sexual health diagnosis), copies of ID cards, bank account statements, material restricted to hospitals and doctors (private fraud investigations, agreements, denied reimbursements, contracts), payment records, customers’ bank account scanned documents, claim forms, and more.

The hackers also said they are carrying out a DDoS attack against AXA’s websites based in Thailand, Malaysia, Hong Kong, and the Philippines. Avaddon previously announced in January 2021 that they would do DDoS attacks on victims’ sites to make them reach out and begin negotiating.

The exact date of the attack is not known, but Avaddon started leaking the stolen data on Thursday last week.

Avaddon gave AXA ten days to communicate with the hackers, after that they will leak more of AXA’s valuable documents.

AXA said in a response to BleepingComputer:

“As a result, certain data processed by Inter Partners Assistance (IPA) in Thailand has been accessed… At present, there is no evidence that any further data was accessed beyond IPA in Thailand.”

AXA said it’s working with external forensic experts to investigate the incident and that it has informed regulators and business partners.

“AXA takes data privacy very seriously and if IPA’s investigations confirms that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,” an AXA spokesperson told.

This attack came just a week after the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) warned of ongoing Avaddon ransomware attacks targeting organizations in the US and worldwide.


About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.