Cybersecurity Insurer Chubb Hit With Possible Ransomware Attack

The company said it had no evidence the incident affected its own network and remains fully operational.
Lauren MuskettMarch 27, 2020
Cybersecurity Insurer Chubb Hit With Possible Ransomware Attack

Cybersecurity insurance provider Chubb has been investigating a data breach that gave hackers unauthorized access to information belonging to a third party.

A company spokesperson confirmed the “security incident” but said there was no evidence Chubb’s own network was affected and it remained “fully operational.”

The breach was first reported by Tech Crunch.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

Brett Callow, an analyst at the security firm Emsisoft, said the hack was carried out by the ransomware group Maze that steals data from networks and holds it hostage while extorting companies for payment.

According to Callow, the hackers announced on their website that they had stolen Chubb data earlier this month and included the names and email addresses of chief executive officer Evan Greenberg and other senior executives.

The hackers had not yet published the stolen files.

In late December, the FBI issued a warning to U.S. companies over Maze ransomware, saying the hackers had carried out a series of recent attacks, sometimes pretending to be government agencies.

“From its initial observation, Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors,” the warning said.

The FBI did not disclose the victims of the Maze attacks.

In November, the retailer Target filed a lawsuit against Chubb alleging Chubb did not compensate it adequately for the costs it incurred following a 2013 data breach that affected 110 million customers.

“Target has been in discussions with the American Insurance Company (ACE) for over a year and recently filed a lawsuit against ACE to recoup costs Target had to pay banks for printing and mailing replacement payment cards after the 2013 data breach.”

“We believe the costs are covered within the scope of the insurance policy Target has with ACE and are focused on resolving the outstanding claim,” Target said at the time.

ACE was bought by Chubb in 2015.