French insurance giant AXA hit by a ransomware attack

French insurance giant AXA hit by a ransomware attack

AXA’s Asia Assistance division has suffered a ransomware attack which impacted IT operations in Thailand, Malaysia, Hong Kong and the Philippines. The attack comes days after AXA, one of the world's biggest cyber insurance companies, announced it will stop paying for ransomware crime payments in France.

At the time AXA said that the decision was made in response to concerns aired by French justice and cybersecurity officials about the devastating global epidemic of ransomware.

The perpetrator behind the ransomware attack on AXA appears to be the Avaddon ransomware gang. In a dark web post the group claimed responsibility for the incident and said that they stole over 3 TB of data from the company, including ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, payments to customers, contracts and reports, all customers IDs and all customers bank account scanned papers, customer medical reports (including HIV, hepatitis, STD, and other illness reports), and other info.

AXA has confirmed that the intruders may have stolen some information from its systems, but the company believes only data processed by Inter Partners Assistance in Thailand was accessed.

Earlier this month, the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) have issued the alerts warning of an ongoing Avaddon ransomware campaign targeting organizations in a variety of sectors across the world.


Back to the list

Latest Posts

Cyber Security Week in Review: July 4, 2025

Cyber Security Week in Review: July 4, 2025

In brief: Google patches Chrome 0Day, the US is on the hunt for North Korean IT workers, and more.
4 July 2025
AI chatbots fall for phishing scams

AI chatbots fall for phishing scams

The models provided the correct URL only 66% of the time; nearly 30% of responses pointed users to dead or suspended domains.
3 July 2025
Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025