A ransomware attack against Chubb, a major cyber security insurance provider, has resulted in the unauthorised access to data belonging to a third-party.
On Maze’s “News” site, the operators behind the ransomware claim to have encrypted devices on Chubb’s networks in March.
Similar to other ransomware, Maze has adopted the tactic of stealing company files before encrypting their network, so the files can be used as leverage by threatening to release them publicly if the ransom is not paid.
Maze has not yet published any of the allegedly stolen data, but has released the email addresses of CEO Evan Greenberg, COO John Keogh, Vice Chairman John Lupica, and other executives.
In a statement to BleepingComputer, a spokesperson said that it was investigating a “security incident” which may have involved the “unauthorised access to data held by a third-party service provider.”
The spokesperson added that there is no evidence to indicate that Chubb’s network was affected by the incident: “Our network remains fully operational and we continue to service all policyholder needs, including claims.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.