Aon hit by Russian MOVEit data hack

Cyber security

Insurance Post can reveal that Aon has been caught up in the MOVEit data hack, which has embroiled a number of major corporations.

The Russia-linked ransomware group Clop has been exploiting a security flaw in MOVEit Transfer, a tool used by businesses in various industries to transfer files.

Progress Software, the developer of the MOVEit software, has fixed the gap in the system’s vulnerability, but hackers got there first and compromised a number of its customers.

It had looked like UK operational insurance businesses had managed to swerve the attack, but Post can now confirm global broker Aon has been caught up in it.

A spokesperson for Aon confirmed the hack to Post, and said the broker had shut off access to MOVEit.

The spokesperson said: “Progress Software, a third-party software provider Aon uses for managed file transfers, notified Aon that the company had identified a previously unknown vulnerability in its software, known as MOVEit Transfer.

"Upon notification, Aon shut off access to MOVEit, initiated its incident response procedures and enabled the patches, restoring MOVEit services for Aon colleagues and clients.”

Aon has opened an investigation into the incident, as it has determined that a number of clients have had details downloaded by an unauthorised party.

The spokesperson continued: “Our investigation, supported by leading third-party advisers, remains ongoing.

"While we are still working to associate specific data elements with Aon clients, we have determined that certain files related to a select number of our clients that were processed in the MOVEit Transfer application were downloaded by an unauthorised party.

“This download occurred before Progress Software disclosed the vulnerability publicly. We are in the process of notifying impacted clients.”

Until Aon completes its investigation, it is unclear how much data has been compromised.

It is also unclear if any other insurance firms have been affected, although it is reported that a printing firm used by several insurance entities, including Aon, was also hit by the attack.

Andrew Martin, CEO and founder of Dynarisk, said the MOVEit vulnerability caught dozens of organisations off guard.

Martin said: "Smaller organisations need to up their game to defend against cyber attacks while large companies like Aon need to do more to reduce their attack surface, implement layered security controls and monitor their supply chain.

"DynaRisk analysed 47 companies affected by this attack and found 30 of 47 were rated higher risk than peers. These companies could certainly have done more to improve their security to reduce the likelihood and severity of a breach such as this.

"While this first wave of ransoms has been significant, it is only a matter of time before more ransomware groups begin leveraging this issue and widen the scope of companies that will be compromised."

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

Gallagher’s Kruger on the benefits of reverse mentoring

View from the Top: Brent Kruger, chief information officer at Gallagher, is currently a mentee on a reverse mentoring programme and shares his thoughts on how these initiatives can play an important role in building a more inclusive culture.

FCA commission crackdown goes beyond flats

Editor’s View: The Financial Conduct Authority’s policy statement on multi-occupancy buildings insurance in September plus the decision to push the pause button on guaranteed asset protection insurance sales last week was “a shot across the bow” on percentage-based broker pay.

Big Interview: Chubb’s Mark Roberts

Mark Roberts, division president for UK, Ireland and South Africa at Chubb, tells Jonathan Swift he is looking to create wider and deeper relationships with UK brokers plus what factors will help differentiate his insurer from the congested run-of-the-mill ‘pack’.

You need to sign in to use this feature. If you don’t have an Insurance Post account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here