Insurance coverage Dealer Aon Discloses Cyberattack

World insurance coverage dealer Aon has disclosed in a submitting with the U.S. Securities and Change Fee that the corporate suffered a cyber incident that it says affected a restricted variety of methods.

See Additionally: Stronger Safety Via Context-aware Change Administration: A Case Research

“On February 25, 2022, Aon plc. recognized a cyber incident impacting a restricted variety of methods. Promptly upon its identification of the incident, the corporate launched an investigation, and engaged the providers of third-party advisors, incident response professionals, and counsel,” the firm says.

The multinational agency says there’s at the moment no indication of a breach of any buyer data or confidential company data.

Investigation Underway

Aon’s 8-Okay submitting says that it’s within the early phases of assessing the incident. It say it doesn’t anticipate the incident to have a fabric impression on its enterprise, operations or monetary situation.

A spokesperson for Aon didn’t instantly affirm if the incident was a ransomware assault, however directed Data Safety Media Group to the SEC submitting. Aon has not but supplied extra particulars of the assault. The corporate solely says that the assault occurred final week and affected a restricted variety of methods.

Aon is a worldwide skilled providers firm providing a broad spectrum of threat, retirement, cybersecurity consulting, wealth administration merchandise and healthcare options. The corporate generated round $12.2 billion income in 2021 and has greater than 50,000 workers in 120 nations, in response to its web site.

An unnamed spokesperson for Aon reportedly advised Safety Week that the incident was not a ransomware assault, there was no encryption of information and the breach didn’t contain some other sort of malware.

Sam Linford, vp, Channel and MSSP, EMEA, at cybersecurity agency Deep Intuition, says: “Aon have been capable of restrict the impression of the assault to some methods because of performing rapidly and having a response technique in place. Assaults on the insurance coverage trade can have a major impression on each prospects and workers as a result of extremely delicate knowledge they maintain. Due to this fact, insurance coverage organizations should make sure that they’ve a cybersecurity resolution which might cease the potential for their knowledge being stolen.”

Insurance coverage Sector an Energetic Goal

Final yr, the insurance coverage firm CNA Monetary Corp. acknowledged {that a} cyber incident it suffered in March 2021 had been a ransomware assault and that it had notified 75,000 people that their knowledge might have been compromised (see: CNA Discloses Breach Associated to March Ransomware Assault).

Private data which will have been compromised throughout that incident included names, Social Safety numbers and in some situations, well being advantages data, CNA mentioned in a proper discover on the incident. The vast majority of people being notified have been present and former workers, contract employees and their dependents.

CNA reportedly paid a $40 million ransom after the ransomware assault.

In Might 2021, Asia Help, a subsidiary of Paris-based multinational insurance coverage firm AXA, was hit by a ransomware assault that affected its IT operations in Thailand, Malaysia, Hong Kong and the Philippines (see: Ransomware Assault Hits Asian Unit of Insurer AXA).

Tokio Marine, a Japan-based property and casualty insurer mentioned its Tokio Marine Insurance coverage Singapore unit had been hit by a ransomware assault in August 2021 (see: Insurer Tokio Marine Hit by Ransomware).