Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack.
As seen by BleepingComputer yesterday, the Avaddonransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA’s Asian operations.
Additionally, BleepingComputer observed an ongoing Distributed Denial of Service (DDoS) against AXA’s global websites making them inaccessible for some time yesterday.
The compromised data obtained by Avaddon, according to the group, includes customer medical reports (exposing their sexual health diagnosis), copies of ID cards, bank account statements, claim forms, payment records, contracts, and more.
The announcement from the group comes roughly a week after AXA stated that they would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France.