Article by Rapid7 company, IntSights, head of threat intelligence advisory, Paul Prudhomme.
Last year, the insurance firm AXA was hit by a severe data breach, which resulted in 3TB of data, including identity documents, claims, reimbursements, account details and customer medical records, being exposed as part of a multi-faceted cyber attack.
AXA is just one of the insurance and financial services companies targeted recently by cybercriminals, and there is a pressing need in this sector to tighten security controls. The insurer operates globally and has a net income of AUD5.01 billion. AXA’s Asia Pacific components were breached after the company had stopped reimbursing new French customers for ransom attacks.
The company, which operates in Australia through XL Insurance Company SE and AXA Investment Managers, was hit by a group called Avaddon, which also conducts distributed denial of service (DDoS) attacks on top of setting up ransomware to pressurise victims to pay up.
The headline-grabbing attack is significant because it involved a damaging disclosure of customer data as well as possibly punishing AXA for not covering ransomware in reimbursements for its…
