Exposed: Sensitive Data Of 146,000 Aon Customers

Uploaded on 2022-07-13 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Aon is a British multinational financial services company that has a range of risk-mitigation products has only recently announced that it suffered from a large data hack in which information belonging to over 145,000 customers based in North America was exposed. 

The commercial insurance brokerage giant Aon calls itself the 'go-to cyber response team.' But hackers breached its systems for well over a year. The company has reported that its systems were breached at varying times between December 29 2020 and February 26 2022. 

In May Aon informed the affected individuals, saying that personally identifiable information, including driver’s license numbers, Social Security numbers were exposed and “in a small number of cases, benefits enrolment information... Aon has taken steps to confirm that the unauthorised third party no longer has access to the data and Aon has no indication the unauthorised third party further copied, retained or shared any of the data,” the letter said. “We have no reason to suspect your information has or will be misused.”

Aon first disclosed the security breach in February, when it was discovered, to the US Securities and Exchange Commission (SEC). More details of the attack were made public in late May, when Aon notified affected individuals that their personally identifiable information stored on Aon servers was accessed.

Aon worked with security teams to ensure that the third party responsible for the breach can no longer access the sensitive data.

In an emailed statement, an Aon spokesperson claimed that Aon hired an outside firm to conduct an investigation and swiftly informed the FBI after learning of the breach. “Our investigation is complete and we have concluded the process of notifying those clients and individuals whose personal information was temporarily obtained,” the statement said.  “The third-party investigation found no evidence that the information has been or will be misused. Since the event occurred, we’ve implemented a series of controls designed to further strengthen existing safeguards and provided complimentary credit monitoring services for those individuals who have received notice.”

Aon say the company wasn’t a ransomware victim and hadn’t lost control of its systems or paid to have them restored. So far, there is no indication that any of the data was shared. Customers were offered a 24-month membership with an identity protection firm to ensure that they are not subject to any further damage.

AON:     Chicago Business:     Oodaloop:    Infosecurity Magazine:    Masterji Tips:    The Cybersecurity News

You Might Also Read: 

Personal Data Of Two Million Texans Left Exposed For Years:

 

« New Scanning Tool Protects Websites From Attack
N.Korean Hackers Target US Health Providers With Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

SecPoint

SecPoint

SecPoint provides products to secure & protect your network from remote and local attacks.

Tripwire

Tripwire

Tripwire are a leading provider of risk-based security, compliance and vulnerability management solutions.

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

The National Trading Standards eCrime Team tackles online consumer scams, rip-offs and fraud, as well as those committed by text or email.

Center for Strategic Cyberspace & International Studies (CSCIS)

Center for Strategic Cyberspace & International Studies (CSCIS)

CSCIS seeks to advance global cyberspace security and prosperity by providing strategic insights for cyberspace and policy solutions to decision makers.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

KOVRR

KOVRR

Kovrr financially quantifies cyber risk on demand. Our technology enables decision makers to seamlessly drive actionable cyber risk management decisions.

SHIELD

SHIELD

SHIELD is an established end-to-end fraud management solution that blocks fraudulent activities such as account takeovers, fake accounts creation, fraudulent payments, loyalty fraud and more.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

MalwareFox

MalwareFox

MalwareFox is an advanced, yet simple-to-use anti-malware solution for Windows computers. We provide aggressive detection capabilities and an effective malware removal tool to keep your systems safe.

ESC - Enterprise Security Center

ESC - Enterprise Security Center

ESC is a system house specializing exclusively in IT security - Security Implementation & Optimization, Operations, Managed Security Services.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.