A British multinational financial services firm that boasts a range of risk-mitigation products has announced that it suffered from a large data breach in which information belonging to over 145,000 customers based in North America was exposed. The company reported that its systems were breached at varying times between December 29 2020 and February 26 2022. Aon disclosed the security breach in February, when it was discovered, to the Securities and Exchange Commission. More details of the attack were announced in late May, when Aon notified affected individuals that their personally identifiable information stored on Aon servers was accessed.
Information exposed in the attack includes Social Security numbers, driver’s license numbers, and in some cases, benefits enrollment information. Aon worked with security teams to ensure that the third party responsible for the breach can no longer access the sensitive data. Thus far, there is no indication that any of the data was shared. Customers were offered a 24 month membership with an identity protection firm to ensure that they are not subject to any further damage.