After a Ransomware Attack, CNA Reports a Data Breach

Following a Phoenix CryptoLocker ransomware attack in March, CNA Financial Corporation, a leading US-based insurance firm, is notifying clients of a data breach. According to the Insurance Information Institute, CNA is the seventh-largest commercial insurance company in the United States. Individuals and corporations in the United States, Canada, Europe, and Asia can purchase a wide range of insurance products from the company, including cyber insurance coverage. 

“The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021,” CNA said in breach notification letters mailed to affected customers on 9th July. “During this time period, the threat actor copied a limited amount information before deploying the ransomware.” According to breach information filed with Maine’s Attorney General’s office, the data breach reported by CNA affected 75,349 people. 

CNA realized that the data stolen during the assault contained personal information such as names and Social Security numbers after evaluating them. “Having recovered the information, we have now completed our review of that information and have determined it contained some personal information including name, Social Security number and in some instances, information related to health benefits for certain individuals,” CNA explained in a separate incident update.

“The majority of individuals being notified are current and former employees, contract workers, and their dependents.” The corporation went on to say that there was no evidence that the stolen data was “viewed, retained, or shared.” Furthermore, CNA states that there is no reas

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: After a Ransomware Attack, CNA Reports a Data Breach