CNA is investigating a “sophisticated cybersecurity attack” the commercial lines insurer said disrupted its network and impacted corporate email and other systems.
The commercial insurer said it learned of the incident on March 21, after which it brought in “third-party forensic expert” to investigate. As well, the Chicago-based company alerted law enforcement and said it is cooperating with authorities.
CNA said it disconnected its systems from its network as a precaution, though it provided workarounds where possible so employees could continue operating and serve policyholders.
As of March 24, its website was all but disabled, save for a home-page note explaining what happened, and how insureds and policyholders could deal with billing issues and report claims in the interim.
“The security of our data and that of our insureds’ and other stakeholders is of the utmost importance to us,” CNA said in its web site statement, adding it will notify policyholders directly if the cyber attack adversely affected any of their data.
*A version of this story ran previously in our sister publication Insurance Journal.