AXA insurance subsidiary group hit by ransomware attack in multiple Asian countries

A subsidiary group of French insurance giant AXA was hit by a ransomware attack last week that negatively impacted operations in multiple Asian countries.

The Financial Times first reported Sunday that AXA Partners, a subsidiary of the insurance group, which is one of the largest in France, had been targeted by a ransomware attack in Thailand, Malaysia, Hong Kong and the Philippines.

A spokesperson for AXA Partners confirmed the breach to The Hill on Monday, noting that the company’s Asia Assistance division had been “the victim of a targeted ransomware attack which impacted its IT operations in Thailand, Malaysia, Hong Kong, and the Philippines.”

“As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed,” the spokesperson said in a statement provided to The Hill. “At present, there is no evidence that any further data was accessed beyond IPA in Thailand. A dedicated taskforce with external forensic experts is investigating the incident. Regulators and business partners have been informed.”

“AXA takes data privacy very seriously and if IPA’s investigations confirm that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,” the spokesperson noted.

The Financial Times reported that a ransomware variant known as “Avaddon” had been used to target the company, with around three terabytes of data stolen, including pictures of IDs, passport pages, bank documents, health records and other sensitive personal information. 

AXA Philippines wrote on its Facebook page Saturday that it was “experiencing technical issues” involving the use of the MyAXA web portal, apologizing to customers and noting the company was “working on the issue.”

The attack came days after The Associated Press reported that AXA would stop issuing insurance policies for companies hit by ransomware attacks that paid the hackers to regain access to their networks.

Ransomware attacks have increased steadily worldwide over the past few years, but have jumped during the COVID-19 pandemic, with critical organizations such as schools and hospitals increasingly targeted. 

The Colonial Pipeline, which supplies around 45 percent of the East Coast’s fuel, was forced to shut down operations for most of last week due to a ransomware attack on its IT network by cyber criminals, who President Biden later said were likely based in Russia.

The company reportedly chose to pay the equivalent of $5 million in ransom to gain access to its systems and get the pipeline up and running again, drawing backlash from officials who warned that paying hackers only encourages future ransomware attacks.