قالب وردپرس درنا توس
Home / Insurance / No money changes hands in Chubb ransomware settlement

No money changes hands in Chubb ransomware settlement



A settlement between a Chubb unit and a software company accused of failing to adequately inform a law firm of vulnerabilities in its electronic file-sharing software, leading to a payment of $2 million in ransomware, has been settled with no money changing hands , according to the company.

Palo Alto, Calif.-based Accellion had provided software services to an unidentified Boston law firm that was the underwriter of Chubb unit Ace American Insurance Co., according to court papers in Ace American Insurance Co. v. Accellion Inc.

In December 2020, Accellion became aware of vulnerabilities in the software and notified its clients, but allegedly sent the security patch to two people who had left the firm years earlier, despite the law firm allegedly asking the company in 201

7 to update its contact information, according to the complaint in the case. As a result, the law firm’s computer system was not updated, the complaint said.

That same month, after the warning was issued, an unauthorized user gained access to the law firm’s files, prompting the law firm’s IT and/or Ace to pay more than $2 million in exchange for the hacker agreeing not to publish the exfiltrated files, to provide a list of all data taken and to destroy the data in its possession. The law firm also incurred $375,000 in costs and attorneys’ fees, the complaint said.

Ace filed suit against Accellion in US District Court in Oakland, California, in December 2021, seeking more than $2.4 million plus interest and costs.

In a cross-complaint filed in April, Accellion said that under the law firm’s end-user license agreement, Accellion’s potential liability is limited to the fees paid by the client in the previous 12 months, which in this case totaled $42,181.82.

Accellion also said the law firm did not receive the vulnerability notification because it had opted out of receiving software update notifications. Accellion requested a declaratory judgment in the company’s favor.

The parties notified the court that they had reached a settlement under the court’s conditional discharge, which was issued on Wednesday.

Accellion general counsel Camilo Artiga-Purcell said in a statement, “We are pleased to see that Ace American Insurance Company, after discovery and evaluation of the evidence, has decided to dismiss its civil complaint with prejudice against Accellion, Inc.”

Accellion Inc. CEO Jonathan Yaron said in a statement, “Our team worked around the clock following the criminal hack to develop and release patches to resolve each (File Transfer Appliance) vulnerability and to provide unwavering support to customers affected by the incident .

“This is proof that the processes and efforts our team followed before, during and after the breach demonstrated the utmost care and concern for all customers.”

Chubb’s attorneys did not respond to a request for comment.

Earlier this week, a federal district court ruled against a Chubb Corp. unit, ruling that a Portland, Oregon-based beverage and sauce maker is entitled to the more than $107,000 it reimbursed the president after he made a ransomware payment from his personal cryptocurrency funds.


Source link