Contents:
A new cyberattack has come to light recently. A September 2020 AJG data breach has been reported by the company itself, affecting a number of the insurance company’s systems. Customer data stored on the compromised systems might have been leaked or stolen in a ransomware attack that happened on the 26th of September 2020. Back then, the company acted immediately and shut down all of their systems, informed the law enforcement, launched protocols of response, engaged in an investigation with the help of third-party forensic and cybersecurity experts, and thought of a suitable plan to mitigate risks for their clients, revealed an 8K filing AJG sent to SEC (U.S. Securities and Exchange Commission) on the 28th of September.
Now, potential victims and regulatory authorities are receiving e-mail notifications from the company informing them of the AJG data breach.
Who Is AJG?
Arthur J. Gallagher & Co. (“Gallagher”) known as AJG is one of the leaders in the risk management and insurance brokerage industry. The company was founded in 1927, having its origins in Chicago. The company also provides consulting services, not only to enterprises around the world but also to individuals. Its current headquarters are in Rolling Meadows, Illinois and it has also extended its services in 150 countries.
What Data Was Exposed in the AJG Data Breach?
The September AJG Data Breach affected some company systems where customer confidential data was stored. The insurance enterprise did not confirm if the data was stolen or accessed by threat actors, but the investigation that followed revealed that data stored on the compromised systems was disclosed. As the company reported on their website, the information exposed to the attack contained:
- Password and username;
- Birth data;
- Passport ID;
- Data related to credit cards or financial accounts;
- Social Security Number;
- Employee Number;
- Medical info such as treatment, diagnosis, medication, etc.;
- Biometric info;
- Electronic signature;
- Driver’s license.
How Did This Happen?
The insurance company has not made any comments regarding the cause of the AJG Data breach.
However, as Bleeping Computer reports, Troy Mursch, the chief research officer from the Bad Packets company which monitors cyber-attacks targeting enterprises, explained that two of the AJG servers, more specifically F5 BIG-IP, were susceptible to being affected by CVE-2020-5902 before this new AJG data breach, an RCE (remote code execution) that affected F5 Big-IP ADC devices in July 2020.
The threat actor behind this AJG data breach remains still unknown at the present moment, but the ransomware found in the company systems is said to be RagnarLocker, the Insurance Journal reported. The FBI encourages clients not to fall into the trap of paying ransomware.
What Can Customers Do?
Besides sending notification letters via e-mails to the potentially affected customers and to regulatory authorities, Arthur J. Gallagher & Co. has also provided some advice on the AJG data breach.
Individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and credit reports for unusual activity and reporting any suspicious activity immediately to their financial institution. In addition, we are offering affected individuals access to complimentary identity and credit monitoring services.
These credit monitoring services are offered via Kroll, a leading risk consulting company, and are available for 24 months and free of charge for the affected clients where they will be notified on fraudulent changes of credit data, will be helped to restore data in case of identity theft and also clients have unlimited access to specialized support on the fraud topic.