Insurance Giant CNA Reports Data Breach

CNA Financial Corporation, a leading insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.

“The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021,” CNA said in breach notification letters mailed to affected customers.

The data breach affected 75,349 individuals, according to breach information filed with the office of Maine’s Attorney General.

After reviewing the files stolen during the attack, it was discovered that they contained customers’ personal information such as names and Social Security numbers and in some instances information related to health benefits for certain individuals. The majority of individuals affected are current and former employees, contract workers and their dependents.

CNA reported that it has restored the systems impacted in the ransomware attack and is operating “in a fully restored state.”

Attorneys at Finkelstein, Blankinship, Frei-Pearson & Garber, LLP have successfully recovered millions of dollars on behalf of data breach victims.  We are currently investigating this matter, as well as other data breaches.  If you believe that your information may have been unlawfully accessed, please contact us to discover your legal options.