Insurance giant Aviva UK were last month hit by an attack based on the Heartbleed exploit that allowed hackers to access workers’ iPhones. Insiders claim Aviva is in talks about moving to a new platform due to the breach.
Aviva was using BYOD service MobileIron to manage more than 1,000 smart devices such as iPhones and iPads. On the evening of the 20 May, a hacker compromised the MobileIron admin server and posted a message to those handhelds and the email accounts, according to The Register.
The hacker then performed a full wipe of every device and subsequently took out out the MobileIron server itself.
In a statement Aviva moved to reassure clients that customer data wasÃ‚Â notÃ‚Â exposed.
The issue was specific to iPhones and none of Aviva’s business data was accessed or lost. Someone gained access to a third party supplier, which also enabled them to reset mobile devices for some Aviva users. There were no financial losses or repercussions. It was an overnight issue and by the start of the next day we had begun to restore devices.
Aviva reportedly moved impacted staff onto a new Blackberry 10 service to manage all their Apple devices, and are in discussions with MobileIron reseller Esselar to cancel their contract.
MobileIron has issued the following statement:
“It is important to note that foundational components of the MobileIron Infrastructure are not vulnerable to the attack including our VSP (management console), Sentry (Secure Mobile Gateway), ConnectedCloud, Anyware, and the MobileIron client. None of these product components are vulnerable. We also conducted a recent webinar reviewing this for our customers.”
We track anonymized user information to improve our website.
Because we respect your right to privacy, you can choose not to allow some types of cookies and processing. Click on the different category headings to find out more and change our default settings. Not allowing some types of cookies may impact your experience of our Services and what we are able to offer.
In order to use this website we use the following technically required cookies
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. Loss of the information stored in a preference cookie may make the website experience less functional but should not prevent it from working.
This cookie enable us to detect the country of which you are visiting from.
These cookies may be set through our Services by our partners. Some have functional purposes such as capping the number of times you see an ad within a short span of time, but most, through uniquely identifying your browser and the device you use to access our Services and the processing of other information, will build a profile of your interests and show you ads more relevant to them, inferred from your browsing activity. If you do not allow these cookies, you will still receive ads but they will be less targeted and less likely to be relevant to your interests.