AXA

AXA is a global insurance provider operating under multiple aliases including AXA Insurance, AXA Singapore, and AXA Group, with its headquarters located in Singapore. The organisation offers a broad range of insurance products and services, particularly in the Asia-Pacific region, where it serves customers across markets such as Thailand, Malaysia, Hong Kong, and the Philippines. Its operations include health, life, and property insurance, with specific digital platforms like the Singapore Health Portal facilitating customer interactions and policy management. AXA’s presence in Asia is significant, with regional subsidiaries managing localized services while adhering to regional regulatory frameworks. The company has been involved in both direct customer insurance and cyber insurance services, notably adjusting its policy on ransomware reimbursement for new French policies in 2021, reflecting a strategic shift in risk management approach. Its services are tailored to meet the needs of individual and corporate clients, with an emphasis on data-sensitive sectors such as healthcare and finance.

AXA has experienced notable cybersecurity incidents that have shaped its operational posture. In 2017, a breach affected approximately 5,400 customers of its Singapore Health Portal, exposing email addresses, mobile numbers, and dates of birth, though critical identifiers like NRIC numbers and financial details were not compromised. The incident prompted investigations by Singapore’s Monetary Authority and Personal Data Protection Commission, leading to internal system reviews and a police report. A more severe incident occurred in 2021 when the Avaddon ransomware group targeted AXA’s Asian operations, claiming to have stolen three terabytes of sensitive data including medical reports and identification documents from Thailand, Malaysia, Hong Kong, and the Philippines. While AXA’s subsidiary confirmed unauthorized access in Thailand, it found no evidence of broader system compromise. The attack coincided with AXA’s public announcement to stop reimbursing ransomware payments for new policies in France, though no direct causal link was established. Cybersecurity authorities had previously warned that stolen insurer data could enable follow-on attacks against policyholders, underscoring AXA’s role as a high-value target in the financial services sector. The company engaged forensic experts and notified regulators in both incidents, demonstrating compliance with data protection obligations. AXA operates as part of a larger international group, with its Singapore headquarters serving as a key regional hub for its Asian operations, and its subsidiaries maintaining distinct legal and operational identities within their respective jurisdictions.