Arthur J. Gallagher (AJG), a US insurance brokerage and risk management firm, is mailing breach notifications to about 33,000 individuals whose data was affected by a ransomware attack in September.
“Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020, and September 26, 2020,” AJG said.
AJG is one of the world’s largest insurance brokers. Its operations are carried out in 49 countries, and it has over 33,300 employees.
While AJG didn’t disclose the details of the attack, it noted that the attackers gained unauthorized access to various systems and collected sensitive information.
The types of information that were stored on the compromised systems include: “Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number, and biometric information.”
AJG said that it only suffered limited damage from the ransomware attack.
“We promptly took all of our global systems offline as a precautionary measure, initiated response protocols, launched an investigation, engaged the services of external cybersecurity and forensics professionals, and implemented our business continuity plans to minimize disruption to our customers,” AJG said.
As required by law, AJG has notified data regulatory authorities and all potentially impacted individuals.
Due to an incident involving the unauthorized disclosure of certain personal information, Gallagher is providing free credit monitoring services to the affected individuals.
Troy Mursch, the chief research officer of Bad Packets, said that AJG had two F5 BIG-IP servers that were vulnerable to CVE-2020-5902 prior to the attack.
At the moment, it is unknown which ransomware gang was behind this attack. There are more than 20 different ransomware operations that are known to first steal data from victims and only then deploy their malware.