CNA Financial Pays $40 Million in Ransom After Cyberattack

Posted on 05/20/2021


U.S. insurance giant CNA Financial Corporation coughed up US$40 million in late March 2021 to regain control of its network after a ransomware attack.

CNA Financial paid the hackers about two weeks after a trove of company data was stolen and CNA officials were locked out of their network. In a statement, a CNA spokesperson said the company followed the law. She said the company consulted and shared intelligence about the attack and the hacker’s identity with the FBI and the Treasury Department’s Office of Foreign Assets Control, which said last year that facilitating ransom payments to hackers could pose sanctions risks.

In a security incident update published on May 12, CNA said it did “not believe that the systems of record, claims systems, or underwriting systems, where the majority of policyholder data – including policy terms and coverage limits – is stored, were impacted.”

Its principal subsidiary, Continental Casualty Company, was founded in 1897.

CNA Financial Corporation recently hired Susan Stone from Marsh LLC as general counsel and executive vice president months after losing its former top lawyer.
