Early last week, the MMA insurer announced on its site that it had been the victim of a computer attack, but gave little information on the exact nature of the attack. About ten days later, the information filtered in droplets and the site gave no more news, but activities were gradually resuming.
The information is rather on the side of the Collectif CGT COVEA, the CGT union branch of the COVEA group to which the MMA insurer belongs. We learn that the attack targeted the headquarters of MMA, based in Le Mans, and had side effects on the other subsidiaries of the Covea group: MAAF, GMF and Fidélia were affected to a lesser extent.
The attack was discovered in the morning of Friday the 17th and the group’s management quickly declared a complete blockade of the infrastructure, which lasted for a week. The group’s employees stayed at home for the most part: only employees who did not need access to IT tools and the group’s IT teams were allowed to work on site.
The attack targeting MMA was indeed ransomware: Group management told employee representatives that the attack consisted of encrypting servers. “A ransom, the amount of which has not been disclosed, has been demanded, but has not been paid by the company,” the statement said. Management also told employees that no data theft has been observed.
The group is now working on its resumption of activity: employees were asked to turn in their IT equipment last week so that they could carry out an analysis over the weekend. Services are gradually being reactivated, internal messaging has notably been reactivated and employees are invited to return to their post this week. The website always displays the same message. We have posed several questions to group management and this article will be updated if more information reaches us.
The lack of communication from management is nonetheless pointed out: the COVEA group has remained discreet about the details of the attack. The only publicly disseminated information was on the site of MMA.fr, which evoked “an attempt of malicious act”. The CGT also published a statement on its website denouncing the lack of transparency of the management during the attack. The impact of the attack is nevertheless significant: the CGT thus mentions a “loss of 30,000 hours of work” for the Compensation department, which was unable to work during the week.