After falling victim to a ransomware (opens in new tab) attack earlier this year, CNA Financial (opens in new tab) has begun notifying its customers of a data breach that occurred as a result of the attack.
Back in March the insurance company's systems were infected with the Phoenix Locker ransomware which cybersecurity experts believe is a new ransomware family developed by the infamous Russian cybercriminal group Evil Corp (opens in new tab).
Now though, CNA has revealed that 75,349 of its customers were affected by a data breach which proceeded the ransomware attack.
- We've built a list of the best identity theft protection (opens in new tab) services
- These are the best ransomware protection (opens in new tab) solutions on the market
- Also check out our roundup of the best firewall (opens in new tab)
In a data breach notification (opens in new tab) sent out to affected customers, CNA explained that the cybercriminals behind the attack copied some information from its systems before deploying their ransomware, saying:
“The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021. During this time period, the threat actor copied a limited amount information before deploying the ransomware. However, CNA was able to quickly recover that information and there was no indication that the data was viewed, retained or shared. Therefore, we have no reason to suspect your information has or will be misused.”
Stolen information
After investigating which files were stolen during the attack, CNA discovered that they contained the personal information of its customers including their names and Social Security Numbers.
According to a new report (opens in new tab) from BleepingComputer, the news outlet spoke with sources familiar with the attack who told it that the cybercriminals that deployed the Phoenix Locker ransomware were able to encrypt over 15,000 devices connected to CNA's network. At the same time though, the attackers also encrypted the computers of CNA employees working from home (opens in new tab) who were logged into its VPN (opens in new tab) during the breach.
In order to protect its customers whose information was obtained during the data breach, CNA will be offering them 24 months of free identity theft protection (opens in new tab) and credit monitoring (opens in new tab) from Experian IdentityWorks (opens in new tab).
In addition to notifying its customers about the ransomware attack and data breach, CNA has also notified the FBI (opens in new tab) and the company is working closely with law enforcement as they conduct their own investigation into the matter.
- We've also highlighted the best antivirus (opens in new tab)
Via BleepingComputer (opens in new tab)
