Exposed: Sensitive Data Of 146,000 Aon Customers

Uploaded on 2022-07-13 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Aon is a British multinational financial services company that has a range of risk-mitigation products has only recently announced that it suffered from a large data hack in which information belonging to over 145,000 customers based in North America was exposed. 

The commercial insurance brokerage giant Aon calls itself the 'go-to cyber response team.' But hackers breached its systems for well over a year. The company has reported that its systems were breached at varying times between December 29 2020 and February 26 2022. 

In May Aon informed the affected individuals, saying that personally identifiable information, including driver’s license numbers, Social Security numbers were exposed and “in a small number of cases, benefits enrolment information... Aon has taken steps to confirm that the unauthorised third party no longer has access to the data and Aon has no indication the unauthorised third party further copied, retained or shared any of the data,” the letter said. “We have no reason to suspect your information has or will be misused.”

Aon first disclosed the security breach in February, when it was discovered, to the US Securities and Exchange Commission (SEC). More details of the attack were made public in late May, when Aon notified affected individuals that their personally identifiable information stored on Aon servers was accessed.

Aon worked with security teams to ensure that the third party responsible for the breach can no longer access the sensitive data.

In an emailed statement, an Aon spokesperson claimed that Aon hired an outside firm to conduct an investigation and swiftly informed the FBI after learning of the breach. “Our investigation is complete and we have concluded the process of notifying those clients and individuals whose personal information was temporarily obtained,” the statement said.  “The third-party investigation found no evidence that the information has been or will be misused. Since the event occurred, we’ve implemented a series of controls designed to further strengthen existing safeguards and provided complimentary credit monitoring services for those individuals who have received notice.”

Aon say the company wasn’t a ransomware victim and hadn’t lost control of its systems or paid to have them restored. So far, there is no indication that any of the data was shared. Customers were offered a 24-month membership with an identity protection firm to ensure that they are not subject to any further damage.

AON:     Chicago Business:     Oodaloop:    Infosecurity Magazine:    Masterji Tips:    The Cybersecurity News

You Might Also Read: 

Personal Data Of Two Million Texans Left Exposed For Years:

 

« New Scanning Tool Protects Websites From Attack
N.Korean Hackers Target US Health Providers With Ransomware »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

SecurityScorecard

SecurityScorecard

SecurityScorecard provides the most accurate security ratings & continuous risk monitoring for vendor and third party risk management.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Rigado

Rigado

Rigado's mission is to enable commercial IoT success by providing high-performance secure and scalable wireless edge connectivity and network infrastructure.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

Crosspoint Capital Partners

Crosspoint Capital Partners

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity and privacy sectors.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cornami

Cornami

Cornami delivers real-time computing on encrypted data sets, which is vital for data privacy and cloud security.

Banyax

Banyax

Banyax provides 24×7 real-time Cyber Defense Center Services using the latest technology tools to provide state-of-the-art defense.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

StealthPath

StealthPath

StealthPath is focused on endpoint protection, securing the “implicit trust” vulnerabilities of current leading information security solutions.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.

Atlantica Digital

Atlantica Digital

Atlantica design and create highly innovative software solutions and solid, scalable and secure IT infrastructures for a constantly evolving market.

Mirazon

Mirazon

Mirazon was formed to provide networking infrastructure assistance to businesses large or small. We provide Managed IT Services, Cybersecurity, and IT Consulting.