A cyberattack on AON, a professional services and insurance company, has affected a “limited” number of systems. AON is a multinational professional services company that specializes in business insurance, cybersecurity consultancy, healthcare insurance, risk management, reinsurance, and wealth management products.
AON has declared a cyberattack on February 25th, 2022, in an 8-K form submitted with the Securities and Exchange Commission. The Company initiated an inquiry as soon as it became aware of the occurrence and enlisted the help of third-party advisers, incident response specialists, and legal counsel.
However, it has not disclosed any specifics about the incident other than the fact that it happened last Friday and only a small number of systems were impacted. “Although the Company is in the early stages of assessing the incident, based on the information currently known, the Company does not expect the incident to have a material impact on its business, operations or financial condition,” clarified the Company.
AON is a renowned reinsurance firm, which means they secure insurance companies in addition to being an insurance broker. A source revealed that data dumps of other insurers’ clients are usual in the reinsurance sector when underwriting a reinsurance policy. As a result, AON is a tempting target for cybercriminals who frequently steal company data during cyberattacks.
According to the REvil ransomware gang, insurance companies are “one of the finest morsels” as they supply lists of potential targets who are more likely to pay a ransom because they have cyber insurance plans. In 2021, the Evil Corp cybercrime group attacked insurance major CNA in a ransomware campaign. According to reports, they paid a $40 million ransom to get a decryptor and prevent their stolen data from being released.
More questions concerning the intrusion were sent to AON, but no response has been received by now.