article featured image


After suffering a ransomware attack that impacted its business operations and shut down its website, the leading US-based insurance company CNA is now warning its customers of a major data breach that happened as a consequence of the attack.

CNA Financial, considered to be one of the sixth-largest commercial insurance companies in the USA, according to the Insurance Information Institute, provides a broad range of standard and specialized property and casualty insurance products and services for businesses and professionals in the U.S., Canada, Europe, and Asia.

How Many Individuals Were Affected by the CNA Data Breach?

In breach notification letters sent to the impacted customers last week, CNA stated:

The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021, to March 21, 2021. During this time period, the threat actor copied a limited amount of information before deploying the ransomware.


The insurance company has disclosed that 75,349 of its customers were impacted by the data breach which followed the ransomware attack.

Having recovered the information, we have now completed our review of that information and have determined it contained some personal information including name, Social Security number and in some instances, information related to health benefits for certain individuals.


The majority of people being informed are employees who have worked or currently work at CNA, contract workers, and their dependents.

According to the notification, the company was able to immediately recover the copied information and there was no evidence that that the data was viewed, retained, or shared. Therefore, CNA has no reason to suspect that their clients’ information has or will be misused.

The CNA Financial Ransomware Attack

It looks like during the CNA cyberattack, the hackers used Phoenix Locker, a malware that is a variant of the ransomware dubbed ‘Hades’ which was created by the Russian cybercrime syndicate known as Evil Corp.

According to BleepingComputer, the Phoenix Locker threat actors encrypted more than 15,000 devices after deploying ransomware payloads on CNA’s network on March 21.

The news website also discovered that the cybercriminals encrypted the devices of remote workers who were logged into the company’s VPN during the incident.

In May, the insurance company had reportedly agreed to pay a $40 million ransom in order to restore access to its systems.

Besides informing its customers about the data breach, CNA has also notified the FBI and the company is working closely with law enforcement as they conduct their own investigation into the matter.

Additionally, to help prevent a similar occurrence in the future, the company stated it implemented numerous additional measures created to enhance the security of their network, systems and data.

CNA declared it will be offering 24 months of complimentary credit monitoring and fraud protection services through Experian. They are also providing a toll-free hotline for the individuals to call with any questions regarding the incident.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *