Cyber Incident Victim: Assimoco
Date:
Mar 2022
Location:
Italy
Summary
A cyberattack targeted an insurance company's online portal, prompting rapid detection and isolation of affected systems to prevent unauthorized access to customer data. Operational disruptions forced manual processing of new contracts via email, complicating standard business workflows. The organization maintained its ability to conduct all transactions despite these temporary limitations and anticipated restoring normal automated procedures shortly. The origin of the attackers remained unidentified, with no confirmed compromise of client information during the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 1, 2022, the insurance company Assimoco experienced a cyberattack targeting its portal. Arno Perathoner, Director of Raiffeisen Versicherungsdienst, publicly confirmed the incident, stating that attackers compromised the system but were detected rapidly. The compromised systems were immediately isolated and decommissioned to prevent further unauthorized access, particularly to customer data repositories. This containment measure successfully prevented exfiltration of sensitive customer information according to Perathoner’s assessment. The isolation of affected systems rendered them inaccessible even to authorized personnel, disrupting normal business operations.
The attack significantly impacted Assimoco’s operational capabilities, forcing manual processing of new insurance contracts. Employees resorted to collecting customer data via alternative methods and transmitting information through email—a marked departure from automated workflows. Perathoner characterized these temporary procedures as more complex than standard operations but affirmed the company’s ability to fulfill all contractual obligations. Restoration efforts prioritized resuming normal operations, with Perathoner projecting full recovery by the following day. The geographic origin of the attackers remained unidentified at the time of reporting, with no attribution to domestic or foreign actors. Raiffeisen’s exclusive partnership with Assimoco underscored the incident’s operational significance for both entities.