Chicago-based CNA Financial, one of the country’s largest insurance providers, has been hit by a cyber attack that’s left its website out of action and many network systems disrupted.
The insurance firm is the sixth-largest in the US and offers an extensive range of products, including policies against cyber attacks.
On March 21, the firm revealed it sustained a sophisticated cyber security attack.
“The attack caused a network disruption and impacted certain CNA systems, including corporate email,” the company statement read.
“Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing. We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.”
It added that it disconnected systems from its network, “out of an abundance of caution,” notified employees, and provided workarounds where possible to ensure they can continue operating.
“The security of our data and that of our insureds ’and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly,” said the company.
CNA has also set up several email addresses to keep in contact with policyholders.
According to The Insurer, a publication serving the insurance industry, CNA’s network may be out of commission for a while, with the attack mainly impacting the underwriting and claims side of its business.
According to a tweet by Joshua Motta, CEO of security firm Coalition, there are rumors that the incident could be a ransomware attack. He added this could be a “nightmare scenario if cyber insurance policyholder data [is] compromised.”
Such data could give hackers information on how much money insurers could payout if a policyholder is attacked in the future. That would mean a hacker has more leverage over a victim, as they know how much money the insurer would pay out as a ransom. Such data could allow hackers to prioritize victims with larger or more comprehensive insurance policies.
CNA hasn’t yet revealed any further details of the attack or any lost or stolen data.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
US healthcare firm postponed procedures after cyber attack knocked systems offlineNews The incident at Kettering Health disrupted procedures for patients
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
US healthcare data breaches are out of control – over 400 million patient records have been exposed in the last two yearsNews There's been a huge surge in the number of healthcare data breaches in recent years
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
More than 5 million Americans just had their personal information exposed in the Yale New Haven Health data breach – and lawsuits are already rolling inNews A data breach at Yale New Haven Health has exposed data belonging to millions of people – and lawsuits have already been filed.
