French insurer Axa was hit by a ransomware attack, the company announced Sunday, May 16.
The attack specifically hit its Asia Assistance division, affecting IT operations in Thailand, Malaysia, Hong Kong and the Philippines.
“As a result, certain data processed by Inter Partners Asia (IPA) in Thailand has been accessed,” the company said in a Reuters report. It also plans to notify corporate clients and individuals if they had been affected.
The attack was first reported by The Financial Times (paywall) on Saturday, May 15, before Axa confirmed the report a day later. Three terabytes of data were said to have been stolen by a ransomware group called Avaddon.
BleepingComputer also reported seeing a Distributed Denial of Service (DDoS) attack against AXA’s global websites that rendered the sites inaccessible for a time on Saturday. The site also said that some of the data stolen include customer medical reports which include sexual health diagnoses, copies of ID cards, bank account statements, claim forms, payment records, contracts, and more.
The group is said to be using DDoS attacks as an additional mechanism to force victims to pay aside from the ransomware.
The Philippine site Axa.com.ph remains inaccessible at the time of publication.
BleepingComputer said that Avaddon has given Axa about 10 days to cooperate, after which they would leak the data.
Just a week ago, The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) had given warnings about a wave of Avaddon attacks.