Cyber Incident Victim: Tokio Marine Insurance Singapore

Tokio Marine Holdings, a major Japanese insurance group, disclosed a ransomware attack targeting its Singapore subsidiary, Tokio Marine Insurance Singapore (TMiS), in mid-August 2021. The parent company detected the incident and promptly isolated TMiS's network to prevent lateral movement, confirming that no other subsidiaries within Singapore were compromised. While the company asserted no customer information or confidential group data was exfiltrated, it engaged a third-party firm to conduct forensic analysis and validate the attack's scope—a standard precaution given most modern ransomware attacks involve data theft alongside encryption. Tokio Marine publicly acknowledged the breach through statements on its website in both Japanese and English, apologizing for disruptions while emphasizing containment to the Singapore entity. The incident was reported to relevant Singaporean government authorities as part of response protocols.

This attack occurred amid a pattern of ransomware campaigns against insurance providers globally. Earlier in 2021, CNA Financial Corporation suffered a Phoenix CryptoLocker ransomware incident, while AXA branches faced AVaddon ransomware attacks resulting in 3TB of data theft across multiple countries. Ryan Specialty Group had also disclosed a separate April 2021 breach days before Tokio Marine's announcement. Threat actors explicitly target insurers due to their repositories of sensitive customer data, as noted by a REvil ransomware representative cited in coverage. Tokio Marine's status as Japan's largest property and casualty insurer heightened its attractiveness to cybercriminals seeking leverage over clients. The company's containment measures and third-party verification aimed to mitigate reputational risks and potential regulatory repercussions, though the specific ransomware variant and initial intrusion vector remained undisclosed in public statements.