The onslaught of attacks against the IT and cybersecurity industry continues, and this time it’s the cyber insurance market that is coming under attack as insurance giant CNA said it was the victim of a sophisticated attack.
In a message posted to its website, the company said it sustained a “sophisticated cybersecurity attack” on March 21, which caused a network disruption and impacted certain internal systems, including the firm’s email.
After discovering the intrusion, engaging a team of third-party investigators and alerting law enforcement, the company disconnected its systems from its network, which is still functional.
Employees were provided workarounds where possible to keep the firm somewhat operational in the meantime.
“The security of our data and that of our insureds’ and other stakeholders is of the utmost importance to us,” the firm said in the message, which also included contact information and steps to file claims while the firm mitigates the threat. “Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.”
Insurance Chief: Cybersecurity Now the #1 Business Risk
Here is the full message from the firm:
On March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack. The attack caused a network disruption and impacted certain CNA systems, including corporate email.
Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing. We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.
Out of an abundance of caution, we have disconnected our systems from our network, which continue to function. We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.
The security of our data and that of our insureds’ and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.
We have established the following dedicated email inboxes to meet the needs of our insureds and policyholders:
To report a new claim, please contact: 1.877.262.2727, Option 2. For all other losses, please email (not fax) all new losses to ClaimFNOLbackup@cna.com. For distribution and underwriting support, please contact one of the following:
For U.S. Operations, please contact one of the following or call:
- Direct Bill: 1.877.276.7507
- Agent Customer Service: 1.877.574.0540
- Policy Service: email@example.com
- Billing and Collections: firstname.lastname@example.org
We are committed to keeping you apprised of the latest developments. Thank you for your patience.
Bleeping Computer, citing the Insurance Information Institute, said CNA is the sixth largest commercial insurance company in the U.S., and offers a wide range of insurance products, including cyber insurance.
Attacking a cybersecurity insurer could give threat actors valuable data and a list of potential targets that could be more likely to pay a ransom. However, we currently know very little about this attack, including if it is even a ransomware attack.
This also illustrates how threat actors are evolving and targeting big companies with valuable data on hundreds of thousands of smaller companies. We saw this with the compromise of SolarWinds and Microsoft Exchange Server, which combined led to the compromise of tens of thousands of organizations.