Arthur J. Gallagher (AJG), a major U.S.-based insurer, has confirmed that he was the victim of a ransomware attack that disrupted some of its operations last weekend. AJG is one of the most important firms in its field and currently has more than 30 thousand employees in 40 countries.
In a statement the company mentions that the attack was detected on September 26, adding that the infection was possible only on a small number of computers on its networks: “Infected computers were immediately isolated as a security measure, plus we enabled all of our incident response protocols and initiated an investigation.” AJG also notified the incident to the relevant authorities.
The company also mentions that its IT systems have already been restored to almost 100%, and this is not expected to have a severe impact on its operations or financial statements.
Several members of the cybersecurity community have tried to contact the firm for more details, although these efforts have been fruitless. However, security expert Troy Mursch of Bad Packets confirmed that the company had been operating with two servers vulnerable to the operation of CVE-2020-5902.
On the other hand, although the company did not mention whether the attackers managed to access the confidential information of their customers or employees, there is a real possibility that this has happened, as AJG stores a lot of confidential details given the nature of its services. Among the information compromised are details such as:
- Personal data (full names, dates of birth and more)
- Contact details (phone numbers, email addresses, address)
- Government-issued IDs
- Medical and health details
- Information about the user’s policy
Exposure of this information could be highly harmful to those affected, as data stolen in similar incidents can be exposed as a way to force affected companies to perform the ransom payment. In some cases, threat actors even sell the information exposed in hacking forums, exposing affected people to even bigger risks.