Cyber Incident Victim: AXA Seguros
Date:
Oct 2018
Location:
Mexico
Summary
A cyberattack targeted a major Mexican insurer, prompting the country's central bank to elevate security alerts within its payment system due to detected inconsistencies. The financial institution confirmed client information and resources remained secure despite the breach, while some entities temporarily shifted to alternative operational mechanisms as a precautionary measure following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 23, 2018, Mexico’s central bank announced it had elevated the security alert level within its payment system following a report of “inconsistencies” in the cash payment matching system by a non-banking financial institution. The institution, later identified as insurer Axa Mexico, disclosed it had suffered a cyberattack the previous day (Monday, October 22), which triggered the central bank’s alert. Axa confirmed in a public statement that client information and financial resources remained secure and unaffected by the incident. The central bank directed some financial institutions to temporarily switch to an alternative operational mechanism as a precautionary measure, though it did not specify which institutions were affected or describe the technical nature of the alternative system. No details were provided regarding the attack vector, threat actor, or specific systems compromised at Axa beyond the reference to payment matching inconsistencies. The central bank’s statement emphasized the action was preventive, with no immediate evidence of fund theft or data breaches linked to this specific incident.
This event occurred against the backdrop of a prior cyberattack in May 2018 targeting Mexico’s interbank payment systems, during which attackers exploited payment system connections at five financial entities to steal approximately 300 million pesos ($15.3 million). While the October attack on Axa did not result in publicly disclosed client data compromise or financial losses, it prompted operational disruptions through the central bank’s mandated shift to alternative payment mechanisms for unspecified institutions. The central bank did not clarify whether the Axa incident involved attempted fund transfers or solely system integrity issues within the payment matching infrastructure. Axa’s assurance of client safety contrasted with the central bank’s heightened alert posture, indicating systemic concerns beyond the insurer’s individual incident. No further technical details about the attack’s detection, containment procedures, or forensic findings were disclosed by either Axa or Mexican authorities in the immediate aftermath.