Exposed: Sensitive Data Of 146,000 Aon Customers

Uploaded on 2022-07-13 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Aon is a British multinational financial services company that has a range of risk-mitigation products has only recently announced that it suffered from a large data hack in which information belonging to over 145,000 customers based in North America was exposed. 

The commercial insurance brokerage giant Aon calls itself the 'go-to cyber response team.' But hackers breached its systems for well over a year. The company has reported that its systems were breached at varying times between December 29 2020 and February 26 2022. 

In May Aon informed the affected individuals, saying that personally identifiable information, including driver’s license numbers, Social Security numbers were exposed and “in a small number of cases, benefits enrolment information... Aon has taken steps to confirm that the unauthorised third party no longer has access to the data and Aon has no indication the unauthorised third party further copied, retained or shared any of the data,” the letter said. “We have no reason to suspect your information has or will be misused.”

Aon first disclosed the security breach in February, when it was discovered, to the US Securities and Exchange Commission (SEC). More details of the attack were made public in late May, when Aon notified affected individuals that their personally identifiable information stored on Aon servers was accessed.

Aon worked with security teams to ensure that the third party responsible for the breach can no longer access the sensitive data.

In an emailed statement, an Aon spokesperson claimed that Aon hired an outside firm to conduct an investigation and swiftly informed the FBI after learning of the breach. “Our investigation is complete and we have concluded the process of notifying those clients and individuals whose personal information was temporarily obtained,” the statement said.  “The third-party investigation found no evidence that the information has been or will be misused. Since the event occurred, we’ve implemented a series of controls designed to further strengthen existing safeguards and provided complimentary credit monitoring services for those individuals who have received notice.”

Aon say the company wasn’t a ransomware victim and hadn’t lost control of its systems or paid to have them restored. So far, there is no indication that any of the data was shared. Customers were offered a 24-month membership with an identity protection firm to ensure that they are not subject to any further damage.

AON:     Chicago Business:     Oodaloop:    Infosecurity Magazine:    Masterji Tips:    The Cybersecurity News

You Might Also Read: 

Personal Data Of Two Million Texans Left Exposed For Years:

 

« New Scanning Tool Protects Websites From Attack
N.Korean Hackers Target US Health Providers With Ransomware »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

AppSec Labs

AppSec Labs

AppSec Labs specialise in application security. Our mission is to raise awareness in the software development world to the importance of integrating software security across the development lifecycle.

Swimlane

Swimlane

Swimlane is a leader in security automation and orchestration (SAO). Our platform empowers organizations to manage, respond and neutralize cyber threats with adaptability, efficiency and speed.

Sky Data Vault

Sky Data Vault

Sky Data Vault provide the simplest and most cost effective method of Disaster Recovery / Business Continuity for mission critical systems and applications.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

TROOPERS

TROOPERS

TROOPERS InfoSec event consists of two days of high-end training, followed by a two-day, three-track conference, culminating in Roundtables on the final day.

DigiByte (DGB)

DigiByte (DGB)

DigiByte (DGB) is a rapidly growing global blockchain with a focus on cybersecurity for digital payments & decentralized applications.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Technisanct

Technisanct

Technisanct works with Governments, especially Law Enforcement and Defence agencies, helping them in monitoring threats, managing their data and resolving their forensic needs.

Digitale Gründerinitiative Oberpfalz (DGO)

Digitale Gründerinitiative Oberpfalz (DGO)

Digital Founder Initiative Oberpfalz's goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.