The Hartford insurance company has said that its servers have been attacked by hackers who have installed password stealing programs such as the W32-Qakbot Trojan in the servers.
According to reports, several of the company’s Windows servers were attacked. The attack also targeted Citrix servers used by employees for remote access.
The company said the malware has affected a small number of employees and few customers as well, but has sent a warning letter to people who it thinks could be affected. The letter was sent to about 300 employees, contractors and a few customers.
The company said in the letter that it discovered about the breach in late February. However, it has warned that sensitive data such as bank account numbers, Social Security numbers and credit card numbers could also be compromised.
"We do know that the virus has the potential to capture confidential data such as bank account numbers, Social Security numbers, user accounts/logins, passwords, and credit card numbers," the letter said.
"It was a very small incident," said Debora Raymond, a company spokeswoman.
Qakbot is difficult to trace as it covers its tracks as it spreads from one computer to another in the network while exposing the computers for further attack.
According to Symantec, "the virus downloads files, steals confidential information, and opens a back door on the compromised computer. The worm contains rootkit functionality to allow it to hide its presence."
The Hartford Financial Services Group was founded in 1810 and is one of the largest insurance and investment companies based in the US, with offices in the US, Japan, the UK, Canada, Brazil and Ireland.
