Commercial insurer CNA has started notifying customers that threat actors did have access to some personal data during a ransomware attack in March.
The Chicago, Illinois-based company detected the incident on March 21 and shut down systems to contain it. By mid-May, the insurance giant said it was able to fully recover from the attack.
This week, the company started notifying customers that some personal data was accessed during the attack, but stressed that it was able to recover all the data.
“We have no evidence that any of your personal information has or will be misused, but we wanted to make you aware of the incident, the measures we have taken in response, and to provide details on proactive steps you may consider taking to help protect your information,” according to the letter from CNA.
The insurer also revealed that the attackers had access to its systems from March 5, 2021 to March 21, 2021, and that immediately after discovering the incident it took steps to contain it and launched an investigation.
During the two-week period they had access to CNA’s systems, the hackers accessed and copied “a limited amount of information,” and only after that they deployed ransomware, the company says.
“However, CNA was able to quickly recover that information and there was no indication that the data was viewed, retained or shared. Therefore, we have no reason to suspect your information has or will be misused.”
Information stolen included names and Social Security numbers, the company said.
CNA did not say how it was able to recover the stolen personal information, but a published report suggested in May that the company paid roughly $40 million to regain control of the data.
Related: Continuous Updates: Everything You Need to Know About the Kaseya Ransomware Attack
Related: CISA Warns of Threat Posed by Ransomware to Industrial Systems