
Aon, earlier this year disclosed that 145,889 of its North American customers had their sensitive information exposed in a large data breach. Initially detailed out in our blog earlier.
Aon has informed that hackers breached its systems at various times from December 29 2020 to February 26 2022.
Aon disclosed the breach in a Securities & Exchange Commission filing in February. Further details were disclosed three months later, on May 26.
Aon told affected individuals that PII includes driver’s license numbers, Social Security numbers and in a small number of cases, benefits enrolment information. It has taken numerous steps to confirm that the unauthorized third party no longer has access to the data and Aon has no indication the unauthorized third party further copied, retained, or shared any of the data.
Our investigation is complete, and we have concluded the process of notifying those clients and individuals whose personal information was temporarily obtained. The third-party investigation found no evidence that the information has been or will be misused and series of controls designed to further strengthen existing safeguards and provided complimentary credit monitoring services for those individuals who have received notice.
Aon Statement
Due to this data breach, Aon faces at least two lawsuits from plaintiffs. Two complaints seeking class-action status were filed in Chicago. Aon offered affected customers with 24-month membership with an identity-protection firm.