In a statement issued Tuesday evening, CNA said the attack affected certain systems, including corporate email. It also shut down the functionality of its website.
“Out of an abundance of caution, we have disconnected our systems from our network, which continue to function,” the company said. “We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.”
The company’s website, www.cna.com, has been reduced to a static display that includes its statement about the cybersecurity attack and dedicated email inboxes to handle claims during the outage.
CNA Financial, which has 5,800 employees worldwide, is one of the largest commercial property and casualty insurance companies in the U.S., generating $10.8 billion in revenue last year, according to financial reports.
In addition to alerting law enforcement, CNA said it has hired a team of third-party forensic experts to investigate and determine the full scope of the cyberattack.
“Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly,” CNA said.
CNA, a subsidiary of Loews Corp., was founded in 1967, with its predecessor insurance companies dating back to 1897.