Sabre Insurance Cyber Attack

Incident Overview Sabre Insurance Group, a prominent motor insurer, has recently faced a targeted cyber attack. The attack occurred on 16 November 2023, but was contained effectively by the company’s IT security controls. Sabre Insurance believes that their swift response prevented access to sensitive areas of their systems, and no sensitive customer data was compromised. The company has maintained the security of their policy management and claims reporting systems throughout the incident​.

LockBit Ransomware Involvement The LockBit ransomware group, a well-known cyber threat entity, has claimed responsibility for the data breach at Sabre Insurance. This group, known for its extortion tactics, has issued an ultimatum to the company, threatening to release its data on 30 November 2023 unless their demands are met. The demands include a $10,000 payment for a 24-hour extension or a $900,000 payment for either the destruction of the stolen data or its return to Sabre Insurance. This threat adds urgency to the situation, particularly in light of the recent passing of Andy Pomfret, Sabre Insurance’s Non-Executive Chair, which has led to a leadership transition within the company​​​.

LockBit Ransomware Profile The LockBit ransomware group, primarily targets enterprises and government organizations. Since its emergence in September 2019, LockBit has conducted widespread attacks globally, including in the United States, China, India, and several European countries. The group strategically selects targets likely to pay substantial sums to avoid disruption. Notably, LockBit avoids attacking systems within Russia and other Commonwealth of Independent States, possibly to evade prosecution in those regions​.

Further Reading