Exposed: Sensitive Data Of 146,000 Aon Customers
Aon is a British multinational financial services company that has a range of risk-mitigation products has only recently announced that it suffered from a large data hack in which information belonging to over 145,000 customers based in North America was exposed.
The commercial insurance brokerage giant Aon calls itself the 'go-to cyber response team.' But hackers breached its systems for well over a year. The company has reported that its systems were breached at varying times between December 29 2020 and February 26 2022.
In May Aon informed the affected individuals, saying that personally identifiable information, including driver’s license numbers, Social Security numbers were exposed and “in a small number of cases, benefits enrolment information... Aon has taken steps to confirm that the unauthorised third party no longer has access to the data and Aon has no indication the unauthorised third party further copied, retained or shared any of the data,” the letter said. “We have no reason to suspect your information has or will be misused.”
Aon first disclosed the security breach in February, when it was discovered, to the US Securities and Exchange Commission (SEC). More details of the attack were made public in late May, when Aon notified affected individuals that their personally identifiable information stored on Aon servers was accessed.
Aon worked with security teams to ensure that the third party responsible for the breach can no longer access the sensitive data.
In an emailed statement, an Aon spokesperson claimed that Aon hired an outside firm to conduct an investigation and swiftly informed the FBI after learning of the breach. “Our investigation is complete and we have concluded the process of notifying those clients and individuals whose personal information was temporarily obtained,” the statement said. “The third-party investigation found no evidence that the information has been or will be misused. Since the event occurred, we’ve implemented a series of controls designed to further strengthen existing safeguards and provided complimentary credit monitoring services for those individuals who have received notice.”
Aon say the company wasn’t a ransomware victim and hadn’t lost control of its systems or paid to have them restored. So far, there is no indication that any of the data was shared. Customers were offered a 24-month membership with an identity protection firm to ensure that they are not subject to any further damage.
AON: Chicago Business: Oodaloop: Infosecurity Magazine: Masterji Tips: The Cybersecurity News:
You Might Also Read: