CNA Suffers “Sophisticated” Cyber-Attack – Infosecurity Magazine
The website of insurance giant CNA is out of action following a cyber-attack that took place over the weekend.
Visitors to the website of the Chicago-based firm are greeted with a notice explaining that threat actors have disrupted the company’s network.
In a statement released Tuesday evening, CNA described the assault as a “sophisticated cybersecurity attack.” The company said that certain systems, including corporate email, had been impacted.
The attack triggered the global company to implement a network shutdown.
“Out of an abundance of caution, we have disconnected our systems from our network, which continue to function,” revealed CNA.
“We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.”
The incident has been reported to law enforcement, and CNA has sought outside help to determine how the attack was carried out.
“Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing,” said the company.
“We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.”
To handle claims and billing during the outage, five dedicated email inboxes have been set up by CNA.
No evidence has been found to suggest that the cyber-attack on CNA resulted in a breach of customer data.
“The security of our data and that of our insureds’ and other stakeholders is of the utmost importance to us,” said CNA.
“Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.”
CNA Financial is one of the biggest commercial property and casualty insurance companies in America and has 5,800 employees located around the world.
Commenting on the security incident, Isabelle Dumont, vice president of market engagement at Cowbell Cyber, said: “Every business, regardless of industry, can be targeted and should apply security best practices.
“Working with a breach coach dedicated to cyber, and an experienced incident response team to understand the scope of the incident with the type and volume of data impacted, is paramount when a cyber incident occurs.”