Back in March the insurance company’s systems were infected with the Phoenix Locker ransomware which cybersecurity experts believe is a new ransomware family developed by the infamous Russian cybercriminal group Evil Corp.
Now though, CNA has revealed that 75,349 of its customers were affected by a data breach which proceeded the ransomware attack.
In a data breach notification sent out to affected customers, CNA explained that the cybercriminals behind the attack copied some information from its systems before deploying their ransomware, saying:
“The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021. During this time period, the threat actor copied a limited amount information before deploying the ransomware. However, CNA was able to quickly recover that information and there was no indication that the data was viewed, retained or shared. Therefore, we have no reason to suspect your information has or will be misused.”
After investigating which files were stolen during the attack, CNA discovered that they contained the personal information of its customers including their names and Social Security Numbers.
According to a new report from BleepingComputer, the news outlet spoke with sources familiar with the attack who told it that the cybercriminals that deployed the Phoenix Locker ransomware were able to encrypt over 15,000 devices connected to CNA’s network. At the same time though, the attackers also encrypted the computers of CNA employees working from home who were logged into its VPN during the breach.
In order to protect its customers whose information was obtained during the data breach, CNA will be offering them 24 months of free identity theft protection and credit monitoring from Experian IdentityWorks.
In addition to notifying its customers about the ransomware attack and data breach, CNA has also notified the FBI and the company is working closely with law enforcement as they conduct their own investigation into the matter.