Exposed: Sensitive Data Of 146,000 Aon Customers

Uploaded on 2022-07-13 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Aon is a British multinational financial services company that has a range of risk-mitigation products has only recently announced that it suffered from a large data hack in which information belonging to over 145,000 customers based in North America was exposed. 

The commercial insurance brokerage giant Aon calls itself the 'go-to cyber response team.' But hackers breached its systems for well over a year. The company has reported that its systems were breached at varying times between December 29 2020 and February 26 2022. 

In May Aon informed the affected individuals, saying that personally identifiable information, including driver’s license numbers, Social Security numbers were exposed and “in a small number of cases, benefits enrolment information... Aon has taken steps to confirm that the unauthorised third party no longer has access to the data and Aon has no indication the unauthorised third party further copied, retained or shared any of the data,” the letter said. “We have no reason to suspect your information has or will be misused.”

Aon first disclosed the security breach in February, when it was discovered, to the US Securities and Exchange Commission (SEC). More details of the attack were made public in late May, when Aon notified affected individuals that their personally identifiable information stored on Aon servers was accessed.

Aon worked with security teams to ensure that the third party responsible for the breach can no longer access the sensitive data.

In an emailed statement, an Aon spokesperson claimed that Aon hired an outside firm to conduct an investigation and swiftly informed the FBI after learning of the breach. “Our investigation is complete and we have concluded the process of notifying those clients and individuals whose personal information was temporarily obtained,” the statement said.  “The third-party investigation found no evidence that the information has been or will be misused. Since the event occurred, we’ve implemented a series of controls designed to further strengthen existing safeguards and provided complimentary credit monitoring services for those individuals who have received notice.”

Aon say the company wasn’t a ransomware victim and hadn’t lost control of its systems or paid to have them restored. So far, there is no indication that any of the data was shared. Customers were offered a 24-month membership with an identity protection firm to ensure that they are not subject to any further damage.

AON:     Chicago Business:     Oodaloop:    Infosecurity Magazine:    Masterji Tips:    The Cybersecurity News

You Might Also Read: 

Personal Data Of Two Million Texans Left Exposed For Years:

 

« New Scanning Tool Protects Websites From Attack
N.Korean Hackers Target US Health Providers With Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jones Day

Jones Day

Jones Day is an international law firm based in the United States. Practice areas include Cybersecurity, Privacy & Data Protection.

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

Maryville Online - Cybersecurity Program

Maryville Online - Cybersecurity Program

The Cybersecurity Program at Maryville Online is designed to help students reach opportunities in cybersecurity leadership and management through an entirely online curriculum.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

Protocol Labs

Protocol Labs

Protocol Labs is a research, development, and deployment institution for improving Internet technology.

GuardSight

GuardSight

GuardSight is a provider of specialized cybersecurity services to safeguard businesses, government, and remote workers against sophisticated cyber threats.

BIO-key

BIO-key

BIO-key is a pioneer and innovator, we are recognized as a leading developer of fingerprint biometric authentication and security solutions.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

DataProof Communications

DataProof Communications

DataProof Communications is Cybersecurity Company specialising in cybersecurity operations, incident management and response best practices and technologies.

E-CQURITY (ECQ)

E-CQURITY (ECQ)

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning.

Seers

Seers

Seers is the world’s leading privacy & consent management platform for companies worldwide. Trusted by over 50,000+ businesses.