Ouch.
One week after the French branch of cyber insurance giant AXA said that it would no longer be writing policies to cover ransomware payments, the company’s operations in Thailand, Malaysia, Hong Kong, and the Phillippines have reportedly been hit… by a ransomware attack.
As the Financial Times reports, the Avaddon ransomware gang posted on its website over the weekend that it had stolen 3 terabytes worth of data, including:
- customers’ personally identifiable information, including scans of passports and ID documents
- customers’ medical records, hospital bills, and claims
According to the FT, AXA says the compromised data was processed in a unit called Inter Partners Asia based out of Thailand, and that “there is no evidence that any further data was accessed.”
On its Facebook page, AXA Phillippines said that its MyAXA web portal was currently “experiencing technical issues”, and that customers with urgent concerns should phone the company’s customer care hotline.
Important advisory
The MyAXA web portal is currently inaccessible. We apologize for the inconvenience.
Please be assured that we are working on the issue. In the meantime, please reach out to your AXA financial partner for any inquiries or concerns. Thank you.
No information has been shared regarding how large a ransom the Avaddon gang are demanding from AXA, or whether AXA has ruled out paying a ransom or not.
As I reported in March, some ransomware gangs have said that they specifically target firms who have cyber insurance (believing they are more likely to pay up)… before then hitting the insurance company itself.
Did they have insurance for that? :-)