Insurance Cyber Incident Tracker

Cyber incident tracker

Data rich insurance businesses have been warned they are a prime target for cyber criminals, with major firms facing up to cyber disruption and ransomware attacks. Who has been affected?



  • RANSOMWARE/CYBER ATTACK Chubb confirmed the insurer was investigating a computer security incident in March 2020. Hacker group Maze Ransomware claimed responsibility for the incident. [New Jersey, US]
  • DATA BREACH Canadian insurer Heartland Farm Mutual was hit by a data breach that could have involved unauthorised access to an employee’s email that contained personal information, its CEO Louis Durocher confirmed in a statement to Global News in June 2020. [Waterloo, Ca]
  • RANSOMWARE/CYBER ATTACK In a September 2020 regulatory filing, broker Gallagher confirmed it had been hit by a ransomware incident that had hit a “limited portion” of its internal systems. [Chicago, US]
  • RANSOMWARE/CYBER ATTACK In September 2020, broker Ardonagh said it was taking “remedial action” after a cyber incident that it said hit a “limited part” of its group. The Towergate website was unavailable at the time, with other group businesses including Autonet, Arachas, Bishopsgate, Bravo Group, Carole Nash, Geo Underwriting, Price Forbes and Swinton appearing to operate normally. Ardonagh updated Post in June 2021 that the cyber incident was ransomware in nature but the threat was eradicated and contained with “no evidence of customer, carrier or broker evidence leaving our estate”.


  • RANSOMWARE/CYBER ATTACK CNA Hardy was hit by a cyber attack in late March 2021. The insurer paid out a $40m ransome to the hackers, Bloomberg reported. [Chicago, US]
  • DATA BREACH/COMPANY ISSUE In April US-based insurer Geico confirmed a data breach that saw hackers gain unauthorised access to drivers license information through its online sales system between January and March 2021. The information used to acquire the information was obtained elsewhere, Geico set out in a letter shared on the California Attorney General’s website. [Maryland, US]
  • COMPANY ISSUE/DATA BREACH On 13 May 2021, US-based insurtech Lemonade denied that a website vulnerability could enable people to enter and edit its users’ accounts, as alleged by an activist short seller Muddy Waters. Lemonade said the alleged issue was instead a “feature”. A Muddy Waters spokesperson told Post that within hours of the investment firm notifying the insurer of the alleged problem it had been fixed. [New York, US]
  • RANSOMWARE/CYBER ATTACK Doncaster-based broker One Call Insurance was hit with a ransomware incident in mid-May 2021. The attack resulted in disruption to its IT systems, including its customer support channels. The broker ceased taking new instructions and onboarding clients as it looked to tackle the problem. IT experts were investigating whether customer data had been compromised, One Call confirmed in a 21 May update. [Doncaster, UK] 
  • RANSOMWARE/CYBER ATTACK In late May 2021, Axa faced a ransomware attack affecting its IT operations based in Thailand, the Philippines, Malaysia and Hong Kong. The Avaddon ransomware gang said it was responsible for the incident, Hackread reported, and claimed it had stolen 3tb of the group’s data, allegedly including passport copies, ID cards, claims, payment information, medical reports and bank account scans. [Thailand, Philippines, Malaysia, HK] 
  • COMPANY ISSUE/DATA BREACH In August 2021 Ryan Specialty updated that it is contacting potentially affected individuals following an investigation that deemed personal information was accessible between 4 April and 20 April 2021 after some employees’ email accounts were accessed without authorisation. [Chicago, US]​​​​​​​
  • RANSOMWARE/CYBER ATTACK Tokio Marine Insurance Singapore has been subject to a ransomware cyber-attack. As of 16 August 2021 there was “no indication of a breach of any customer information nor confidential information”, Tokio Marine Holdings updated as it confirmed there was no impact to other group companies. [Singapore]

Some of the biggest names in UK insurance were among firms to report potential data breach issues to the Information Commissioner's Officer over the past two financial years, with an average of three reports fielded from the industry a week. Post investigates who reported, how many times and why.

Are you aware of a cyber incident affecting an insurer, broker or service provider? Get in touch anonymously by email on [email protected]

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here:

You are currently unable to copy this content. Please contact [email protected] to find out more.

You need to sign in to use this feature. If you don’t have an Insurance Post account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: