Many business owners like yourself provide employee benefits like retirement, dental, and accident insurance policies. One of the top financial service companies that offers this and more is MetLife, which functions globally. Suppose MetLife is, in fact, your insurance provider. In that case, you’re probably wondering about the recent alleged attack that the company has undergone since it could affect you and your workers.
RansomHub’s Side of the Story
RansomHub, a new but infamous ransomware group that surfaced in 2024, has been eyeing MetLife, an insurance giant. Using the ransomware-as-a-service operation, the hackers claimed to have stolen 1 TB of information directly from the insurance company’s databases.
Following the story, Cybernews reported that this information included a minutes log from a meeting on December 11th. These discussed internet issues they were having that affected customers and investments. The files also included documents from July 2024 from an Executive Board meeting, investment and financial documents, and details about their Brazil, Columbia, and Chile systems.
Because every bit of information leaked was in Spanish, Cybernews had reason to believe it was the Latin American division that was under attack.
The cybercriminals then placed MetLife on their homepage with a countdown clock. At the time, it stated that the company had 11 days to pay a ransom that they did not visibly disclose. However, despite this and proof of stolen documents, MetLife said otherwise.
MetLife’s Response
The insurance company's spokesperson claims there was no such attack against any MetLife department. He stated that the closest thing to a threat the company has seen is one of its subsidiaries undergoing a breach in recent months.
According to the spokesperson, the Equador-based Fondo Genesis is a financial services firm that does not operate within the MetLife enterprise systems. That means any impact Fondo Genesis receives is limited to them alone, and the effects would not reach the insurance company in question.
This attack was alleged to have occurred on New Year’s Eve. However, MetLife is not the only company facing this allegation.
Hudson Rock, a data intelligence company that prevents ransomware attacks and other fraudulent activities, sent a report to MetLife. The former claimed that a MOVEit hack exposed almost 600,000 records from the insurance company’s databases. Yet again, the company denied this.
The spokesperson stated that MetLife and Fondo Genesis were safe from this attack. That means the MOVEit hack never compromised the insurance company or its subsidiaries.
What Does This Mean?
The cybercriminal group claimed responsibility for the attack on Tuesday, December 31, the same day as the attack. The next day, MetLife denied all allegations of a threat to its core systems. So, where does that leave things?
As of now, no new information has come to light. So, if you’re one of the 100 million MetLife financial services customers worldwide, you likely have no reason to worry. However, keeping your eyes and ears open is always key!
