A Manitoba-based insurance brokerage has fallen victim to a ransomware cyberattack.
Andrew Agencies, which offers home and auto insurance as well as a wide array of financial services through 18 local branches across the Prairies, has been named on a list of targets hit by an international cybercriminal gang, according to CBC News.
The cybercrime gang, known as Maze, claimed to have used malware to lock 245 machines belonging to the company, as early as October 21. This claim has landed the Andrew Agencies in hot water because, as of Tuesday (December 17), the firm had failed to report the breach to the Office of the Privacy Commissioner (OPC) – a requirement under Canadian privacy law if any breached personal information could “pose a real risk of significant harm to individuals.”
Andrew Agencies’ executive vice president and general counsel Dave Schioler confirmed the ransomware attack with CBC News. He said: “We have taken this matter very seriously and have expended considerable resources in the investigation and remediation of this incident.”
He added that the firm has been “actively investigating the circumstances surrounding” the security breach, and that, as of Wednesday (December 18), it had found “no evidence” that “sensitive” personal information had been jeopardized.
According to CBC News, hacking group Maze has listed Andrew Agencies among those who “don’t wish to co-operate with us, and [are] trying to hide our successful attack on their resources.” The gang claims to have stolen 1.5 gigabytes of data from the firm.
On Wednesday, Schioler said Andrew Agencies was still assessing the “gravity and extent” of the cyberattack. He said the company has been in touch with “the individuals claiming to be responsible” but they had not paid a ransom.