American Family Insurance Confirms Cyberattack Is Behind IT Outage

Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week.

Source: Bleeping Computer | Published on October 23, 2023

Web outages at American Family

Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week.

American Family Insurance (AmFam) is an insurance company focusing on commercial and personal property, casualty, auto, and life insurance, as well as offering investment and retirement planning The company employs 13,000 people and has a 2022 revenue of $14.4 billion.

In an email to BleepingComputer, American Family Insurance confirmed that they detected unusual activity on their network and shut off IT systems to prevent the spread of the cyberattack.

“This week, the technology teams at American Family Insurance detected unusual activity in a portion of our network. We quickly took precautionary measures to protect data and resources and shut down several business systems,” an AmFam spokesperson told BleepingComputer.

“We recognize the system outages are impacting customers, agents and employees and we appreciate their patience and understanding.”

“Our investigation into the activity is ongoing and includes internal and third-party experts. To date, we have not detected any compromises to critical business, customer data processing or storage systems, and several components of our enterprise continue to operate without interruption.”

The company hopes to bring systems back online as it continues investigating the breach and determining it is safe.
IT systems shut down after cyberattack

Since this past weekend, American Family Insurance has suffered IT outages impacting the company’s phone service, building connectivity, and online services.

BleepingComputer has also been told by multiple sources that internet connectivity was shut down by American Family Insurance after the attack, impacting other tenants of the same building.

Customers have reported being unable to pay bills or file claims online, only to be met with messages stating that the online site is down and to contact them via phone instead.

‘We are currently experiencing a service outage. If you need to file a claim, please call 1-800-692-6326,” reads a message on AmFam’s site.

“If you are unable to make a payment, you can do so when the system is back up and you will not be penalized. We appreciate your patience and understanding.”

Similarly, attempting to pay a bill as a guest displays an error message stating, “The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.”

It is unclear what type of attack American Family Insurance suffered, but it shares signs similar to ransomware attacks plaguing the enterprise.

Many of these attacks occur over the weekend when fewer employees monitoring the network or using their computers and noticing suspicious activity.
As part of the attacks, the threat actors commonly spread throughout the network, stealing data and encrypting devices.

When the attack is completed, victims are left with ransom notes warning that the data will be leaked publicly if a ransom demand is not paid.
Unfortunately, these tactics have been very successful, with blockchain analysis company Chainalysis reporting that ransomware gangs have earned at least $449.1 million in 2023.