Threat Watch

Aon Hacked, Exposed Sensitive Information of Nearly 150,000 Customers

The British multinational financial services firm, Aon, announced that approximately 146,000 North American customers had details exposed after threat actors breached Aon’s systems multiple times from December 2020 through February 2022. Aon disclosed the breach to customers in May 2022 and alerted customers that information such as driver’s license numbers, Social Security numbers and “in a small number of cases, benefits enrollment information.” Aon announced that their investigation into the incidents has concluded, and all affected parties have been notified. The company is currently facing at least two separate lawsuits resulting from the beaches.

ANALYST NOTES

Aon announced that after a third-party investigation, they concluded that the data was not being publicly distributed at that time. Often threat actors will hold data for an extended period of time and then try to offload it after news coverage of the incident dies down. However, simply because the data is not public at this time does not mean that anyone affected is safe from having it distributed. Affected customers should take advantage of available identity protection programs, and should be aware that their data could be leaked at a later date.

https://www.infosecurity-magazine.com/news/aon-hack-sensitive-information/