CNA hit with cyberattack | Insurance Business

This was followed by a later statement.

“On March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack. The attack caused a network disruption and impacted certain CNA systems, including corporate email,” the website now states.

“Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing. We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.

“Out of an abundance of caution, we have disconnected our systems from our network, which continue to function. We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.

“The security of our data and that of our insureds’ and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.”

One expert says there’s a silver lining to this event.

“If the news reports from CNA Insurance are accurate, they have taken immediate action to recover from the cyberattack on their systems. That’s the good news,” said Sam Curry, chief security officer at Cybereason. “The bad news is that details are currently scant. However, the decision to disconnect some systems from their network is a sign that valuable assets were likely exposed to fraudsters and criminals. Will exposed information end up for sale in underground criminal marketplaces? Only time will tell.”