French insurance giant AXA has suffered a ransomware attack on some of its branches in Thailand, Malaysia, Hong Kong, and the Philippines. The attack impacted their IT operations.
Avaddon ransomware group, who carried out the attack, claimed on their leak site they had stolen 3 TB of sensitive data.
The group claims they have customer medical reports (including those containing sexual health diagnosis), copies of ID cards, bank account statements, material restricted to hospitals and doctors (private fraud investigations, agreements, denied reimbursements, contracts), payment records, customers’ bank account scanned documents, claim forms, and more.
The hackers also said they are carrying out a DDoS attack against AXA’s websites based in Thailand, Malaysia, Hong Kong, and the Philippines. Avaddon previously announced in January 2021 that they would do DDoS attacks on victims’ sites to make them reach out and begin negotiating.
The exact date of the attack is not known, but Avaddon started leaking the stolen data on Thursday last week.
Avaddon gave AXA ten days to communicate with the hackers, after that they will leak more of AXA’s valuable documents.
AXA said in a response to BleepingComputer:
“As a result, certain data processed by Inter Partners Assistance (IPA) in Thailand has been accessed… At present, there is no evidence that any further data was accessed beyond IPA in Thailand.”
AXA said it’s working with external forensic experts to investigate the incident and that it has informed regulators and business partners.
“AXA takes data privacy very seriously and if IPA’s investigations confirms that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,” an AXA spokesperson told.
This attack came just a week after the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) warned of ongoing Avaddon ransomware attacks targeting organizations in the US and worldwide.