Insurer CNA Starts Notifying Customers of Ransomware Attack and Data Breach
CNA Financial reported falling victim to a ransomware attack at the beginning of the year. Now the organization has started to inform its customers about the data breach that happened following initial attack.
The company’s systems were targeted through the Phoenix Locker ransomware back in March. According to cybersecurity professionals, this ransomware is suspected to have been developed by the infamous Russian cybercriminal group Evil Corp. It has been reported by CNA now that a total of 75,349 of its customers fell victim to a data breach that took place along with the ransomware attack.
CNA sent out a data breach notification to the customers who’s security was compromised. The notification informed that some of the customer’s data was copied off the company’s system before the ransom was deployed, stating:
“The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021. During this time period, the threat actor copied a limited amount of information before deploying the ransomware. However, CNA was able to quickly recover that information and there was no indication that the data was viewed, retained or shared. Therefore, we have no reason to suspect your information has or will be misused.”
CNA would be offering its customers 24 months of free credit monitoring and identity theft protection
The information that was stolen included personal information of the customers including their names and social security numbers. To compensate for the stolen information and compromised security of its customers, CNA has announced to offer the affected customers 2 year of free credit monitoring and identity theft protection from Experian IdentityWorks.
Moreover, CNA has also stated that it has also notified the FBI about the data breach and ransomware attack. For now, the case is under investigation by the company itself and the law enforcement team.