Leading insurance broker and Fortune 500 firm Arthur J. Gallagher (AJG) has announced it suffered a ransomware attack last year that was preceded by hackers exfiltrating data from its servers for three straight months while avoiding detection.
Arthur J. Gallagher & Co., popularly known as AJG, is a global insurance brokerage and risk management services firm headquartered in Rolling Meadows, Illinois. It employs over 33,000 people in 49 countries, is ranked among the world’s largest brokers, and has been a member of the Fortune 500 list since 2016.
The insurance broker, which scores an abysmal 684 out of 950 in UpGuard’s Cyber Security rating, announced on 30th June the results of an extensive review it conducted into a ransomware attack that impacted its systems in September last year. The firm said it was able to confirm that “an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020.”
“While the investigation was able to confirm that certain systems were accessed, it was unable to confirm what information within those systems was actually accessed. Therefore, in an abundance of caution, Gallagher conducted an extensive review of the entire contents of the impacted systems and is notifying impacted individuals,” AJG said.
In the press release, the firm added that the impacted data contained “information relating to certain individuals” and it is presently notifying all the affected individuals about the breach of their personal and financial records.
The compromised data included “Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number, and biometric information.”
The ransomware attack, which took place on 26th September last year, was preceded by three months of persistent access by hackers that AJG was unable to detect. During this period, the hackers sat on servers containing sensitive data and exfiltrated everything they could. This is usually done to pressure companies into paying a ransom in case the ransom note alone doesn’t serve as sufficient motivation.
“Financial organisations are a prime target for cybercriminals because they have the money and an extensive collection of Personally Identifiable Information (PII), which they can use as leverage to get organisations to pay the ransom. Whether it’s to decrypt the files or prevent cybercriminal groups from releasing the data, this new evolution of ransomware is not stopping any time soon,” said James McQuiggan, Security Awareness Advocate at KnowBe4.
“Organisations involved with maintaining PII need to ensure that robust security programmes, like defence in depth, access control, and security awareness training, are in place to protect the data, infrastructure, and systems from malicious attacks.”