The insurance giant saw its network, corporate email and other systems affected by novel ransomware, which resulted in the company’s website going offline after the incident, which took place on 21 March 2021.
After the incident, CNA took all of its systems offline, even the unaffected ones, and approached both cybersecurity experts and the authorities to investigate the incident.
In a statement on its website, CNA Financials said: “On March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack. The attack caused a network disruption and impacted certain CNA systems, including corporate email.
“Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing. We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.”
He added: “Out of an abundance of caution, we have disconnected our systems from our network, which continue to function. We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.
“The security of our data and that of our insureds and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.”