• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » CNA Financial Reports Customer Data Breach

CNA Financial Reports Customer Data Breach

2021-07-09 by Michelle Dvorak

CNA Financial Data Breach

Data Breach Follows Phoenix Cryptolocker Ransomware Attack

Note: We may earn a commission from products or services when you click on a link and make a purchase.

Insurance provider CNA Financial has reported a data breach. Compromised data includes sensitive customer information accessed during a ransomware attack.

CNA Financial (CNA NYSE) discovered the data breach on March 21st, 2021. insurance provider hired a third-party cyber security firm to respond to and mitigate the attack. It was discovered that the attackers had access to CNA computer systems for sixteen days in March.

The cybercriminals exfiltrated information from CNA servers after that they successfully deployed Phoenix Cryptolocker ransomware.

“The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021, to March 21, 2021,” CNA says in a data breach notification letter obtained by Sergiu Gatlan.

The Evil Corp ransomware gang is known for using Phoenix Cryptolocker. The ransomware uses its signature ‘the.phoenix’ extension on encrypted files.

Evil Corp is known for its WastedLocker ransomware attack on GPS enabled tech provider Garmin last year. They are also infamous for their attacks using Dridex banking trojan to steal banking credentials.

Breached data includes:

  • Customers’ personal information
  • Names
  • Social Security numbers.

Did CNA pay ransomware?

Yes. CAN paid the hackers responsible for the Phoenix Cryptolocker Ransomware Attack $40 million USD to decrypt their systems. It is the third largest ever ransom ever paid.

CNA paid the ransom two weeks after the attackers successfully hijacked over 15,000 machines on CNA’s company network. Computers of employees working remotely were also disrupted according to eHackingnews.

Is CNA an insurance company?

CNA Financial Corporation is based in Chicago, Illinois. The company the seventh largest commercial insurer in the United States. They serve customers in the USA, Canada, Europe, and Asia.

CNA Financial has reported the incident to EU S Federal Bureau of investigations.

CNA Financial Data Breach – What to Do Next?

If you are a CNA financial customer impacted by the data breach you will receive a notification via U.S. Postal mail. CNA is providing identity theft protection to customers for two years.

Customers of CNA financial should be wary of future email phishing attacks. hackers used compromised data to develop and launch future cyberattacks. these may come in the form of fake news updates, security patches, or password reset requests or other.

  • Always use a unique password for all your online accounts. If you cannot remember a new password for every account, you own (the average Internet user has over 200 online accounts) then use a password manager to help create and store unique and hard to guess passwords
  • Use a quality antivirus app to detect and stop phishing emails and malicious websites. A subscription antivirus app is updated with the latest malware attack information. Get one installed on every phone and computer – click here.
  • Never click on a link in an email or download an attachment from someone you don’t know or in an email you were not expecting. attackers are capable of spoofing email sender names to make the emails look like they come from someone that you know.
  • When in doubt about an email or website, pick up the phone and call or text to find out of it’s real.

Filed Under: News

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version