Connect with us

Hi, what are you looking for?



Insurer CNA Discloses Ransomware Attack

Commercial insurer CNA has started notifying customers that threat actors did have access to some personal data during a ransomware attack in March.

Commercial insurer CNA has started notifying customers that threat actors did have access to some personal data during a ransomware attack in March.

The Chicago, Illinois-based company detected the incident on March 21 and shut down systems to contain it. By mid-May, the insurance giant said it was able to fully recover from the attack.

This week, the company started notifying customers that some personal data was accessed during the attack, but stressed that it was able to recover all the data.

“We have no evidence that any of your personal information has or will be misused, but we wanted to make you aware of the incident, the measures we have taken in response, and to provide details on proactive steps you may consider taking to help protect your information,” according to the letter from CNA.

The insurer also revealed that the attackers had access to its systems from March 5, 2021 to March 21, 2021, and that immediately after discovering the incident it took steps to contain it and launched an investigation.

During the two-week period they had access to CNA’s systems, the hackers accessed and copied “a limited amount of information,” and only after that they deployed ransomware, the company says.

“However, CNA was able to quickly recover that information and there was no indication that the data was viewed, retained or shared. Therefore, we have no reason to suspect your information has or will be misused.”

Information stolen included names and Social Security numbers, the company said.

Advertisement. Scroll to continue reading.

CNA did not say how it was able to recover the stolen personal information, but a published report suggested in May that the company paid roughly $40 million to regain control of the data.

Related: Continuous Updates: Everything You Need to Know About the Kaseya Ransomware Attack

Related: CISA Warns of Threat Posed by Ransomware to Industrial Systems

Related: Security Researchers Dive Into DarkSide Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...