Axa Partners, the international unit of French insurance giant Axa, said that parts of its Asian operations – including those in Malaysia, Thailand, Hong Kong, and the Philippines – were hit by a targeted ransomware attack.
According to a Financial Times (FT) report, a group of hackers employing ransomware called Avaddon earlier claimed they had breached the company’s Asian operations and stolen three terabytes of data.
In a dark web post, the hackers alleged that the stolen data included customers’ personally identifiable information, medical records and claims, in addition to data from hospitals and doctors. To prove this, the hackers apparently shared screenshots of IDs and passport pages, bank documents, hospital bills, and medical records.
Axa said the incident was being investigated by a task force involving external forensic experts, and that it would notify affected clients and individuals if their data was compromised.
Last week, Axa said it would stop writing insurance policies that refund companies that pay ransom to cyber criminals. A source told FT that the policy change happened after the ransomware attack.
Ransomware attacks are an increasingly common type of hacking that involves stealing sensitive or valuable data and threatening its release (or sale) unless a ransom is paid. Hackers can also block access to data pending payment. Recent high-profile victims reportedly or allegedly include the Colonial Pipeline, Acer, and CD Projekt Red.