ADVERTISEMENT

Zurich Insurance Group secures data leak

The Swiss insurance giant, which handles over 55M clients, left a treasure trove of sensitive data exposed. If it fell into the wrong hands, it could’ve led to a multitude of attacks on the company and its clients.

Zurich Insurance Group logo

By Shutterstock

Jurgita Lapienytė
Jurgita Lapienytė Chief Editor
Jun 28, 2023 Updated: 29 June 2023 3 min read
  • The company has over 55 million clients
  • It employs 55,000 people
  • As per Forbes' Global 2000s ranking, the group was the 112th largest public corporation in the world in 2021
  • It ranks in 179th position in the Fortune 500 list
  • Revenue was nearly $70 billion in 2021

Zurich data leak

ADVERTISEMENT
  • Multiple production database credentials: A production database typically contains data stored and used by professionals to conduct business operations.
  • Active directory admin credentials: Active Directory is a collection of services and a database that enables users to access the network resources necessary for their tasks. It serves as a bridge connecting users to the tools and information required to accomplish their work. These particular credentials are a goldmine for ransomware operators.
  • Git directory: This is where all the metadata about a certain project is stored. It is sensitive because exposing the project’s source code could lead to the discovery and exploitation of its flaws.
  • MOVEit credentials:MOVEit Transfer, a managed file transfer software, has been all over the news recently since Russia-linked threat actors began a massive exploitation of a zero-day bug they’ve likely been sitting on for two years.
  • MobileIron credentials: This enables access to employee mobile phones and computers.
  • Sunrise Business Account credentials: Since Sunrise provides business mobile services, leaked credentials could give threat actors access to employee personal data.
  • Ansible credentials: This could lead to threat actors perpetrating remote access, including remotely deploying malware or spyware.
  • SAP credentials: SAP is one of the world’s leading software providers, managing every aspect of business operations from logistics and finance to HR.

Why it matters

  • Reset IDs, tokens, passwords, and credentials
  • Create secure, unique passwords that are preferably generated randomly
  • Implement source code security policy, access control, and protect endpoints or entry points of user devices against malicious attacks
ADVERTISEMENT