Aon hit by Russian MOVEit data hack

Cyber security

Insurance Post can reveal that Aon has been caught up in the MOVEit data hack, which has embroiled a number of major corporations.

The Russia-linked ransomware group Clop has been exploiting a security flaw in MOVEit Transfer, a tool used by businesses in various industries to transfer files.

Progress Software, the developer of the MOVEit software, has fixed the gap in the system’s vulnerability, but hackers got there first and compromised a number of its customers.

It had looked like UK operational insurance businesses had managed to swerve the attack, but Post can now confirm global broker Aon has been caught up in it.

A spokesperson for Aon confirmed the hack to Post, and said the broker had shut off access to MOVEit.

The spokesperson said: “Progress Software, a third-party software provider Aon uses for managed file transfers, notified Aon that the company had identified a previously unknown vulnerability in its software, known as MOVEit Transfer.

"Upon notification, Aon shut off access to MOVEit, initiated its incident response procedures and enabled the patches, restoring MOVEit services for Aon colleagues and clients.”

Aon has opened an investigation into the incident, as it has determined that a number of clients have had details downloaded by an unauthorised party.

The spokesperson continued: “Our investigation, supported by leading third-party advisers, remains ongoing.

"While we are still working to associate specific data elements with Aon clients, we have determined that certain files related to a select number of our clients that were processed in the MOVEit Transfer application were downloaded by an unauthorised party.

“This download occurred before Progress Software disclosed the vulnerability publicly. We are in the process of notifying impacted clients.”

Until Aon completes its investigation, it is unclear how much data has been compromised.

It is also unclear if any other insurance firms have been affected, although it is reported that a printing firm used by several insurance entities, including Aon, was also hit by the attack.

Andrew Martin, CEO and founder of Dynarisk, said the MOVEit vulnerability caught dozens of organisations off guard.

Martin said: "Smaller organisations need to up their game to defend against cyber attacks while large companies like Aon need to do more to reduce their attack surface, implement layered security controls and monitor their supply chain.

"DynaRisk analysed 47 companies affected by this attack and found 30 of 47 were rated higher risk than peers. These companies could certainly have done more to improve their security to reduce the likelihood and severity of a breach such as this.

"While this first wave of ransoms has been significant, it is only a matter of time before more ransomware groups begin leveraging this issue and widen the scope of companies that will be compromised."

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@postonline.co.uk or view our subscription options here: http://subscriptions.postonline.co.uk/subscribe

You are currently unable to copy this content. Please contact info@postonline.co.uk to find out more.

Broker Review of the Year 2024

Brokers were pleased with M&A activity in 2024 but ticked off by disproportionate regulation, capacity exiting the market and artificial intelligence failing to live up to expectations.

Insurance Post’s Christmas Special Podcast

Post content director Jonathan Swift, news editor Scott McGee and Emma Ann Hughes, editor, ditch the usual format of our publication’s award-winning podcast to deliver a holly, jolly Christmas Special.

Most read articles loading...

You need to sign in to use this feature. If you don’t have an Insurance Post account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here