Ransomware group LockBit posted Kingfisher Insurance’s name on their leak site, saying the stolen data included personal details of employees and customers.
Threat actors claim that they breach the servers of a British insurer, Kingfisher Insurance, as well as one of the company’s vehicle insurance brands, First Insurance.
We have contacted Kingfisher Insurance for comment but haven’t received a reply before going to press. The company replied the next day after publication came live. Kingfisher's comments are included in the follow up.
According to the post on LockBit’s leak site, the dataset includes personal data of employees and customers as well as contacts and corporate mail archives. Hackers claim they’ve pooled together 1.4 terabytes of data taken from the insurer.
LockBit-affiliated threat actors posted several email addresses that appear to belong to Kingfisher Insurance staff. The post included passwords to several management system accounts, such as Workday and Access, which the company uses.
Kingfisher is a UK insurance company controlling several prominent UK-based insurance brands. The company owns Classic Insurance Services, ClubCare Insurance, Cork Bays & Fisher, First Insurance, and other brands.
LockBit ransomware leads the digital extortion underworld. A ransomware report by threat intelligence firm Digital Shadows shows that in the second quarter of 2022, LockBit was the most active group by an overwhelming margin.
LockBit and its affiliates accounted for a third of all cyberattacks attacks involving organizations being posted to ransomware data-leak sites. Researchers attributed 231 victims to LockBit.
More recently, the Conti ransomware gang seems to have closed up shop once at the top of the ransomware game. Meanwhile, LockBit has been in the game since 2019, a lifetime in the ransomware business, releasing the second and, recently, the third generation of malware.
Pundits think LockBit’s success stems from the group’s ability to combine a business-oriented approach with specialized tech.
More from Cyberenews:
Subscribe to our newsletter