Aon Company Cyber Security Posture
aon.comWe exist to shape decisions for the better โ to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that help protect and grow their businesses.
Aon Company Details
aon
75543 employees
1381428.0
52
Financial Services
aon.com
246
AON_1512900
In-progress
Aon Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Aon Global Score.png)
Aon Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Aon Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Aon Corporation PLC | Breach | 60 | 3 | 12/2020 | AON604072625 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The Washington Attorney General's Office reported a data breach involving Aon Corporation PLC on May 26, 2022. The breach, which began on December 29, 2020, was due to unauthorized access and affected 6,889 individuals in Washington, compromising names, Social Security numbers, and driver's license numbers. | |||||||
| Aon Plc | Breach | 85 | 4 | 12/2020 | AON455072625 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The Maine Attorney General's Office reported that Aon Plc experienced an external system breach (hacking) affecting 153,784 individuals, including 456 Maine residents. The breach occurred between December 29, 2020, and March 1, 2022, and was discovered on February 25, 2022. Consumers were notified on May 27, 2022, and identity theft protection services were offered for 24 months through Experian. | |||||||
| Aon PLC | Breach | 85 | 4 | 5/2020 | AON427072825 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: On May 26, 2022, the California Office of the Attorney General reported that Aon PLC experienced a cyber incident impacting certain systems, which occurred between December 29, 2020, and February 26, 2022. The breach potentially compromised personal information including names, Social Security numbers, and driver's license numbers, although it is stated that there is no evidence of misuse of personal information. | |||||||
| Aon | Cyber Attack | 60 | 1 | 02/2022 | AON19301322 | Link | |
Rankiteo Explanation : Attack without any consequencesDescription: Aon, the global insurance and reinsurance broker was recently targeted in a cyber-attack. The attack hit a limited number of its systems and didn't had a significant impact on its operations. | |||||||
| Aon | Data Leak | 60 | 3 | 07/2023 | AON20209723 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: A MOVEit attack on the business service provider Aon resulted in the personal data of 3000 staff at the Dublin Airport being compromised. An unauthenticated attacker might use the SQL injection vulnerability to access MOVEit Transfer's database without authorization. DAA has stated that it is helping the affected employees, however, Aon has not yet made a public statement regarding the security issue. | |||||||
Aon Company Subsidiaries
We exist to shape decisions for the better โ to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that help protect and grow their businesses.
Access Data Using Our API
Get company history
Rapid.png)
Aon Cyber Security News
LevelBlue Completes Acquisition of Aonโs Cybersecurity and IP Litigation Consulting Groups
We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research.
Bridging the NIS2 Cyber Security Gap
Organizations must prioritize addressing critical cyber security vulnerabilities to comply with the EU's NIS2 Directive and help bolster their resilienceย ...
Aon Shares Slide 0.63% on 230th-Ranked $580M Volume as LevelBlue Bolsters Cybersecurity Leadership
Aon (AON) fell 0.63% on August 1, 2025, with a trading volume of $580 million, ranking 230th in market activity. The decline coincided withย ...
LevelBlue Completes Acquisition of Aon's Cybersecurity and IP Li
With this acquisition, LevelBlue integrates elite cyber and high-tech IP litigation consulting expertise into its offerings, significantlyย ...
Latham Watkins Advises Aon in Sale of Cybersecurity and IP Litigation Consulting Groups to LevelBlue
Latham & Watkins Advises Aon in Sale of Cybersecurity and IP Litigation Consulting Groups to LevelBlue ... Cross-border team represents the globalย ...
Rising AI-Driven Cyber Attacks and Geopolitical Tensions Shaping Indiaโs Cyber Risk Landscape, Aon Study
Aon Plc, a leading global professional services firm, has released the Asia Pacific (APAC) findings from its 2025 Cyber Risk Report.
Dallasโ LevelBlue To Acquire Aonโs Cybersecurity and IP Litigation Consulting Groups
When Dallas-based LevelBlue spun out from AT&T Cybersecurity in May, it wasn't your typical startup. As Bob McCullen, LevelBlue's chairman andย ...
LevelBlue Expands Into Full-Spectrum Cyber Advisory with Aonโs Consulting Groups Acquisition
According to Robert McCullen, CEO of LevelBlue, โLevelBlue is already one of the largest pureplay MSSPs in the world, striving to simplifyย ...
LevelBlue to buy Aonโs cybersecurity and IP litigation consulting groups
The integration complements LevelBlue's existing 24/7 managed detection and response services. Credit: sf_freelance/Shutterstock.
Aon Similar Companies
Sparkasse
Sparkassen: Nah, prโยงsent und persโโnlich Als verlโยงssliche Hausbank stehen wir immer und โยบberall an der Seite unserer Kund:innen und Mitarbeitenden. Mit den Sparkassen kโโnnen Sie auf exzellente Beratung und einen echten Finanzverbund zโยงhlen, der nicht nur Ihre persโโnlichen Finanzen, sondern auc
Discover
Discoverยฎ is now part of Capital One. Together, weโll continue to deliver exceptional financial products and experiences, drive innovation, and serve customers. Find the latest updates at https://capitalonediscover.com. Discover is one of the most recognized brands in the U.S. with the Discoverยฎ ca
Credicorp
Somos el grupo financiero lรญder en el Perรบ con una vasta experiencia en el mercado peruano. Contamos con una sรณlida plataforma de Banca Comercial reforzada por una importante presencia en Banca de Inversiรณn en Latinoamรฉrica destinada a desarrollar el potencial de la regiรณn y acompaรฑar a nuestros cli
Pru Life UK
With 26 years of operations in the Philippines, we have the largest agency force of more than 39,000 licensed financial advisers ready to listen, understand and deliver. We are an innovative force in the life insurance industry who pioneered investment-linked or unit-linked insurance in the Philippi
Principal Financial Group
Principal Financial Groupยฎ is dedicated to improving the wealth and well-being of people and businesses around the worldโhelping more than 62M customers plan, protect, invest, and retire as of December 31, 2023. Along the way, we commit to supporting the communities where we do business. Improving o
CTBC Financial Holding Co., Ltd
CTBC Financial Holding Co., Ltd. was established on May 17, 2002 and headquartered in Taipei City of Taiwan, hiring over 25,000 employees worldwide. CTBC Holding houses eight subsidiaries: CTBC Bank Co., Ltd., Taiwan Life Insurance Co., Ltd., CTBC Securities Co., Ltd., CTBC Venture Capital Co., Ltd.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Aon CyberSecurity History Information
How many cyber incidents has Aon faced?
Total Incidents: According to Rankiteo, Aon has faced 5 incidents in the past.
What types of cybersecurity incidents have occurred at Aon?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Breach and Data Leak.
How does Aon detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with experian and communication strategy with consumers notified on may 27, 2022.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Aon PLC Cyber Incident
Description: Aon PLC experienced a cyber incident impacting certain systems, which occurred between December 29, 2020, and February 26, 2022. The breach potentially compromised personal information including names, Social Security numbers, and driver's license numbers, although it is stated that there is no evidence of misuse of personal information.
Date Detected: 2022-05-26
Date Publicly Disclosed: 2022-05-26
Type: Data Breach
Incident : Data Breach
Title: Aon Plc External System Breach
Description: The Maine Attorney General's Office reported that Aon Plc experienced an external system breach (hacking) affecting 153,784 individuals, including 456 Maine residents. The breach occurred between December 29, 2020, and March 1, 2022, and was discovered on February 25, 2022. Consumers were notified on May 27, 2022, and identity theft protection services were offered for 24 months through Experian.
Date Detected: 2022-02-25
Date Publicly Disclosed: 2022-05-27
Type: Data Breach
Attack Vector: Hacking
Incident : Data Breach
Title: Data Breach at Aon Corporation PLC
Description: The Washington Attorney General's Office reported a data breach involving Aon Corporation PLC on May 26, 2022. The breach, which began on December 29, 2020, was due to unauthorized access and affected 6,889 individuals in Washington, compromising names, Social Security numbers, and driver's license numbers.
Date Detected: 2022-05-26
Date Publicly Disclosed: 2022-05-26
Type: Data Breach
Attack Vector: Unauthorized Access
Incident : Data Breach
Title: MOVEit Attack on Aon Compromises Personal Data of Dublin Airport Staff
Description: A MOVEit attack on the business service provider Aon resulted in the personal data of 3000 staff at the Dublin Airport being compromised. An unauthenticated attacker might use the SQL injection vulnerability to access MOVEit Transfer's database without authorization. DAA has stated that it is helping the affected employees, however, Aon has not yet made a public statement regarding the security issue.
Type: Data Breach
Attack Vector: SQL Injection
Vulnerability Exploited: SQL Injection
Threat Actor: Unauthenticated Attacker
Incident : Cyber Attack
Title: Cyber Attack on Aon
Description: Aon, the global insurance and reinsurance broker, was recently targeted in a cyber-attack. The attack hit a limited number of its systems and didn't have a significant impact on its operations.
Type: Cyber Attack
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach AON427072825
Data Compromised: names, Social Security numbers, driver's license numbers
Incident : Data Breach AON455072625
Identity Theft Risk: High
Incident : Data Breach AON604072625
Data Compromised: Names, Social Security numbers, Driver's license numbers
Incident : Cyber Attack AON19301322
Systems Affected: limited number of systems
Operational Impact: didn't have a significant impact on its operations
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are names, Social Security numbers, driver's license numbers, Names, Social Security numbers, Driver's license numbers and Personal Data.
Which entities were affected by each incident?
Incident : Data Breach AON455072625
Entity Type: Corporation
Industry: Professional Services
Customers Affected: 153784
Incident : Data Breach AON604072625
Entity Type: Corporation
Industry: Professional Services
Location: Washington
Customers Affected: 6889
Incident : Data Breach AON20209723
Entity Type: Government Entity
Industry: Aviation
Location: Dublin, Ireland
Customers Affected: 3000
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Breach AON455072625
Third Party Assistance: Experian
Communication Strategy: Consumers notified on May 27, 2022
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian.
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach AON427072825
Type of Data Compromised: names, Social Security numbers, driver's license numbers
Sensitivity of Data: High
Personally Identifiable Information: True
Incident : Data Breach AON455072625
Number of Records Exposed: 153784
Incident : Data Breach AON604072625
Type of Data Compromised: Names, Social Security numbers, Driver's license numbers
Number of Records Exposed: 6889
Sensitivity of Data: High
Personally Identifiable Information: True
Incident : Data Breach AON20209723
Type of Data Compromised: Personal Data
Number of Records Exposed: 3000
References
Where can I find more information about each incident?
Incident : Data Breach AON427072825
Source: California Office of the Attorney General
Date Accessed: 2022-05-26
Incident : Data Breach AON455072625
Source: Maine Attorney General's Office
Incident : Data Breach AON604072625
Source: Washington Attorney General's Office
Date Accessed: 2022-05-26
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2022-05-26, and Source: Maine Attorney General's Office, and Source: Washington Attorney General's OfficeDate Accessed: 2022-05-26.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through were Consumers notified on May 27 and 2022.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian.
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was an Unauthenticated Attacker.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2022-05-26.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-05-26.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, driver's license numbers, Names, Social Security numbers, Driver's license numbers and Personal Data.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was MOVEit Transfer and limited number of systems.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Experian.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were names, Social Security numbers, driver's license numbers, Names, Social Security numbers, Driver's license numbers and Personal Data.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.9K.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident are California Office of the Attorney General, Maine Attorney General's Office and Washington Attorney General's Office.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
