The Connecticut-based Hartford Financial Services Group – a Fortune 100 company and one of the largest investment and insurance companies in the US – has suffered a breach that resulted in password-stealing Trojans being installed on a number of the company’s servers.
The Hartford – as it is colloquially called – notified the New Hampshire Attorney General about the breach at the beginning of March, as well as the some 300 affected individuals. According to ComputerWorld, the victims were mostly Hartford employees and contractors – fewer than 10 individuals were actual customers.
“The Hartford has detected a virus that infected our Windows server environment, which may have resulted in the capture of your personal information,” it says in the letter sent to the affected employees. “At this time, we do not know what, if any, personal information the virus may have captured from your session. We do know that the virus has the potential to capture confidential data such as bank account numbers, social security numbers, user accounts/logins, passwords, and credit card numbers.”
The breach was first noticed on February 28th, and a subsequent investigation traced it back to February 22nd. A number of servers were compromised, including the Citrix servers that employees use to access the company systems from a remote location.
The company notified the victims that their Hartford passwords had been reset and urged them to reset personal passwords for all sites visited while using the company systems between the two dates.
The Hartford has been working with Symantec to patch its systems and clean them of any and all malware present. It has also offered all affected employees and users a free two-year subscription to a credit monitoring program.
Details about how the attackers managed to access the servers have not been shared, but judging by one of the steps the company is taking in the wake of the breach – additional privacy and information security training for employees – it’s most likely that the hackers gained access after an employee clicked on a malicious link or unknowingly downloaded the malware.